1 ########################################## 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Joomla com_socialads Persistent Xss Vulnerability Date : july 3,2010 Critical Level : HIGH vendor URL :http://techjoomla.com/ Author : Sid3^effects aKa HaRi special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_ greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Description: With SocialAds for JomSocial, you can create Facebook like demographically targeted ads to show on Your JomSocial Site. This extension allows advertisers to create their advertisement , Target the users they want to show the advertisement to, Decide if they want to pay by impressions or per click, Pay online & get the advertisement started up right away ! ####################################################################################################### Xploit : Persistent Xss Vulnerability Step 1: Register :D Step 2: Goto to the option called "MANAGE YOUR ADS" Step 3: In the ads description the attacker can post xss scripts DEMO URL :http://server/js/index.php?option=com_socialads&view=showad&Itemid=94 Attack Pattern :">>

XSS3d By Sid3^effects

Steap 4: Now check your ads :P DEMO URL :http://server/js/index.php?option=com_socialads&view=adsummary&Itemid=94&adid=23 ############################################################################################################### # 0day no more # Sid3^effects