Vendor: TextAds
By: Ashiyane Digital Security Team
CVSS: 7.5 (HIGH)
CWE: 79 (Cross Site Scripting)
Product Name: TextAds
Affected Version From: 02.08
Affected Version To: 02.08
Patch Exists: YES
Related CWE: N/A
CPE: 2.3:a:idevspot:textads
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

TextAds 2.08 Script Cross Site Scripting Vulnerability

TextAds 2.08 is vulnerable to cross-site scripting: an attacker can inject malicious scripts into the Title field of the NewAds page. This can be used to steal the administrator's cookie and gain access to the site.

Mitigation:

Input validation should be used to prevent malicious scripts from being injected into the Title field.
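
One way to apply this mitigation to the Title field, as an added example (not TextAds source code and not part of the advisory): allow-list validation when an ad is submitted, plus HTML output encoding where the administrator's campaign listing renders the title, so that rows stored before the fix also render as inert text. The function names, the 80-character limit and the allowed character set are assumptions.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical helper names; not taken from TextAds.

// Input side: accept only short plain-text titles (assumed policy).
// Returns the cleaned title, or null when the submission must be rejected.
function validate_ad_title(string $title): ?string
{
    $title = trim($title);
    // Letters, digits, spaces and basic punctuation only, 1 to 80 characters.
    // Markup characters (< > " ' &) and invalid UTF-8 fail the match.
    if (!preg_match('/\A[\p{L}\p{N} .,!?:()\-]{1,80}\z/u', $title)) {
        return null;
    }
    return $title;
}

// Output side: encode the stored title before it reaches the admin page.
// This is what keeps a stored payload from executing in the admin's browser,
// including rows saved before validation was introduced.
function render_ad_row(array $ad): string
{
    $title = htmlspecialchars((string) $ad['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . (int) $ad['id'] . '</td><td>' . $title . "</td></tr>\n";
}

// Constructed sample submissions: one ordinary title, one carrying markup.
$samples = [
    'Cheap flights to Lisbon!',
    '<script>alert(1)</script>',
];

foreach ($samples as $i => $raw) {
    $status = validate_ad_title($raw) === null ? 'rejected' : 'accepted';
    // The row is rendered from the raw value on purpose, to show that
    // encoding alone already neutralises markup in legacy data.
    echo $status, ': ', render_ad_row(['id' => $i + 1, 'title' => $raw]);
}
```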

Exploit-DB raw data:

===========================================================================
# TextAds 2.08 Script Cross Site Scripting Vulnerability
===========================================================================
###########################################################################
# Name: TextAds 2.08 Script Cross Site Scripting Vulnerability
# Vendor: http://idevspot.com/TextAds2.php
# Price: $49.95
# Date: 2011-04-14
# Author: Ashiyane Digital Security Team
# Thanks to: 1337day.com,Securityreason.com,packetstormsecurity.com,
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.ashiyane.org/forums/
###########################################################################
###########################################################################

[+] Dork: intext:"Powered by TextAds 2.08" 

###########################################################################

[+] Vulnerability: / Title Field /

[+] Note: First register on the site, go to "NewAds", then put your script
      in the Title field!
      Result: After the administrator checks "Campagin Ads", your
      script will run, so you can steal the admin cookie!
      There seem to be more vulnerabilities, but I didn't check them yet!
          
[+] Demo: http://www.youtube.com/watch?v=gKhicG4Aqek

###########################################################################
===========================================================================
# Gr33tz:
# Ashiyane Members : BehroozIce,Q7x,,Virangar,Iman_taktaz,Keivan,Ali_eagle
# Taghva,M3QD4D,PrinceOfHacking,Hidden-Hunter,Root3r,elvator,unique2world
# Gladiator,Wahid,Encoder,mmilad200,n3me3iz,Classic,r3d.z0n3,injector,fr0nk
# mzhacker,zend,milad-bushehr,aliakh,__amir__,anti206,ruin3r,Hijacker,Rz04
#                &
# 1337 Member: r0073r,Side^effects,r4dc0re,eidelweiss,SeeMe,agix,gunslinger
# Sn!pEr.S!te,indoushka,Knockout,ZoRlu,AnT!-Tr0J4n,eXeSoul,
===========================================================================
# DisCovered By XroGuE !!!