Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0

from [Matteo Beccati] Network Security [Permanent Link]
Subject: [Full-disclosure] [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed
Date: Fri, 26 Jan 2007 09:17:25 +0100 
========================================================================
Openads security advisory                            OPENADS-SA-2007-002
------------------------------------------------------------------------
Advisory ID:           OPENADS-SA-2007-002
Date:                  2007-Jan-25
Security risk:         low risk
Applications affetced: Max Media Manager
Versions affected:     <= Max Media Manager v0.1.29-rc and v0.3.30-alpha
Versions not affected: >= Max Media Manager v0.3.31-alpha-pr2
========================================================================


========================================================================
Vulnerability:  Cross-site scripting
========================================================================

Description
-----------
This is the description of the vulnerability recieved by JPCERT:

"We have confirmed that in admin-search.php, scripts included in
'keyword' parameter is shown without proper sanitization thus the
script could be executed.

However a user needs to login the system as administrator, which makes
the exploit technically difficult.

If this vulnerability is exploited, by script execution, a user's
session ID included in HTTP Cookie might be stolen. Also there's a risk
that the contents of phpAdsNew are falsified temporarily."

Note: Max Media Manager is derived from phpAdsNew and was affected by
the same vulnerability. MMM v0.3.30-alpha also has affiliate-search.php
which was vulnerable as well.


References
----------
- JVN#07274813: http://jvn.jp/jp/JVN%2307274813/index.html


Solution
--------
- If you are running v0.3.x, upgrade to v0.3.30-alpha-pr2
- If you are running v0.1.x, a patch is available here:

https://developer.openads.org/changeset/3919?format=zip&new=3919


Contact informations
====================

The security contact for Openads can be reached at:
<security AT openads DOT org>


Best regards
--
Matteo Beccati
http://www.openads.org
http://phpadsnew.com
http://phppgads.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] [USN-410-2] teTeX vulnerability, Kees Cook
Next by Date:  Re: [Full-disclosure] [c-nsp] Cisco Security Advisory: Crafted IP Option Vulnerability, Justin Shore
Previous by Thread:  [Full-disclosure] [USN-410-2] teTeX vulnerability, Kees Cook
Next by Thread:  Re: [Full-disclosure] [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed, Matteo Beccati
Indexes:  [Date] [Thread] [Top] [All Lists]