TextAds 2.08 Script - Cross-Site Scripting

EDB-ID: 17173
CVE: N/A
Platform: PHP
Date: 2011-04-15


===========================================================================
# TextAds 2.08 Script Cross Site Scripting Vulnerability
===========================================================================
###########################################################################
# Name: TextAds 2.08 Script Cross Site Scripting Vulnerability
# Vendor: http://idevspot.com/TextAds2.php
# Price: $49.95
# Date: 2011-04-14
# Author: Ashiyane Digital Security Team
# Thanks to: 1337day.com,Securityreason.com,packetstormsecurity.com,
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: www.ashiyane.org/forums/
###########################################################################
###########################################################################

[+] Dork: intext:"Powered by TextAds 2.08" 

###########################################################################

[+] Vulnerability: / Title Field /

[+] Note: First register on the site, go to "NewAds", then put your script
      in the Title field.
      Result: when the administrator checks "Campagin Ads", your
      script will run, so you can steal the admin cookie.
      It seems to have more vulnerabilities, but I didn't check yet.
          
[+] Demo: http://www.youtube.com/watch?v=gKhicG4Aqek
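
The note above describes stored XSS: the ad title is saved and later rendered in the administrator's campaign view. A defender's before/after sketch of that rendering path in PHP follows; it is an added example, not TextAds' own code, and the function names, the $ads rows and the title policy are assumptions.

```php
<?php
// Added example: all names are hypothetical; TextAds' own source is not shown on the page.

// Constructed sample rows, as an admin campaign list might load them from storage.
$ads = [
    ['id' => 1, 'title' => 'Spring sale on hosting'],
    ['id' => 2, 'title' => '<script>alert(1)</script>'],  // constructed markup test
    ['id' => 3, 'title' => '" onmouseover="alert(1)'],     // constructed attribute test
];

// Encode a value for HTML text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored title is concatenated as-is, so the admin's browser parses it as markup.
function render_row_unsafe(array $ad): string
{
    return '<tr><td>' . $ad['id'] . '</td><td title="' . $ad['title'] . '">'
         . $ad['title'] . "</td></tr>\n";
}

// After: every stored value is encoded at output time, in both text and attribute position.
function render_row_safe(array $ad): string
{
    return '<tr><td>' . (int) $ad['id'] . '</td><td title="' . h($ad['title']) . '">'
         . h($ad['title']) . "</td></tr>\n";
}

// Submit-time allow-list (assumed policy): defence in depth, not a substitute for encoding.
function validate_title(string $title): bool
{
    return preg_match('/\A[\p{L}\p{N} .,!?&\'-]{1,80}\z/u', $title) === 1;
}

// Call before session_start(): HttpOnly keeps the session cookie out of document.cookie.
function harden_session_cookie(): void
{
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
}

foreach ($ads as $ad) {
    echo validate_title($ad['title']) ? 'accept: ' : 'reject: ', render_row_safe($ad);
}
```

Output encoding in the admin view is the actual fix; the allow-list and the HttpOnly flag only limit what a missed encoding call would expose.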

###########################################################################
===========================================================================
# Gr33tz:
# Ashiyane Members : BehroozIce,Q7x,,Virangar,Iman_taktaz,Keivan,Ali_eagle
# Taghva,M3QD4D,PrinceOfHacking,Hidden-Hunter,Root3r,elvator,unique2world
# Gladiator,Wahid,Encoder,mmilad200,n3me3iz,Classic,r3d.z0n3,injector,fr0nk
# mzhacker,zend,milad-bushehr,aliakh,__amir__,anti206,ruin3r,Hijacker,Rz04
#                &
# 1337 Member: r0073r,Side^effects,r4dc0re,eidelweiss,SeeMe,agix,gunslinger
# Sn!pEr.S!te,indoushka,Knockout,ZoRlu,AnT!-Tr0J4n,eXeSoul,
===========================================================================
# DisCovered By XroGuE !!!