Joomla! Component Techjoomla SocialAds - Persistent Cross-Site Scripting

EDB-ID:

14196




Platform:

PHP

Date:

2010-07-03


1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :    Joomla com_socialads Persistent Xss Vulnerability
Date : july 3,2010
Critical Level 	: HIGH
vendor URL :http://techjoomla.com/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description:
With SocialAds for JomSocial, you can create Facebook like demographically targeted ads to show on Your JomSocial Site. This extension allows advertisers to create their advertisement , Target the users they want to show the advertisement to, Decide if they want to pay by impressions or per click, Pay online & get the advertisement started up right away !

#######################################################################################################
Xploit : Persistent Xss Vulnerability

Step 1: Register :D

Step 2: Goto to the option called "MANAGE YOUR ADS"

Step 3: In the ads description the attacker can post xss scripts 

DEMO URL :http://server/js/index.php?option=com_socialads&view=showad&Itemid=94

Attack Pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>

Steap 4: Now  check your ads :P

DEMO URL :http://server/js/index.php?option=com_socialads&view=adsummary&Itemid=94&adid=23
###############################################################################################################
# 0day no more 
# Sid3^effects