PHPAdsNew and PHPPGAds Multiple Input Validation Vulnerabilities
BID:17251
Info
| Bugtraq ID: | 17251 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2006 12:00AM |
| Updated: | Oct 24 2006 05:18PM |
| Credit: | Matteo Beccati is credited with the discovery of these vulnerabilities. |
| Vulnerable: | phpPgAds phpPgAds 2.0.8; phpPgAds phpPgAds 2.0.7; phpAdsNew phpAdsNew 2.0.8; phpAdsNew phpAdsNew 2.0.7 |
| Not Vulnerable: | phpPgAds phpPgAds 2.0.8-pr1; phpAdsNew phpAdsNew 2.0.8-pr1 |
Discussion
phpAdsNew and phpPgAds are prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
Exploit / POC
This issue can be exploited via a web client.
Solution / Fix
Solution:
The vendor has released an update to address these issues.
phpAdsNew phpAdsNew 2.0.7
- phpAdsNew phpAdsNew version 2.0.8-pr1
  http://prdownloads.sourceforge.net/phpadsnew/phpAdsNew-2.0.8-pr1.tar.gz?download
phpAdsNew phpAdsNew 2.0.8
- phpAdsNew phpAdsNew version 2.0.8-pr1
  http://prdownloads.sourceforge.net/phpadsnew/phpAdsNew-2.0.8-pr1.tar.gz?download
References
References:
- phpAdsNew and phpPgAds 2.0.8 released (phpAdsNew)
- phpAdsNew and phpPgAds 2.0.8-pr1 released! (phpAdsNew)
- phpAdsNew Homepage (phpAdsNew)
- phpPgAds Home Page (phpPgAds)
- [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilitie (Matteo Beccati)
- phpAdsNew and phpPgAds 2.0.8-pr1 fix XSS vulnerability (Matteo Beccati)