Mads v1.0

mAds v1.0

Homepage:
http://lowpricescripts.com/product_info.php?products_id=51

Affected files:

*Searching

-----------------------------------

XSS vuln when searching:

Like the HotBot XSS vuln: when mAds returns its search results, they are generated dynamically on screen with no filtering at all. For a PoC, as your search string put in:



Screenshots:

http://www.youfucktard.com/xsp/mads1.jpg

I'm sure other vulnerabilities aside from XSS could also be possible due to this.
------------------------------------
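
The fix for the unfiltered search echo described above is to HTML-encode the search string (and any stored ad text) at output time. The sketch below is an added example, not mAds code and not from the advisory: the page layout, the `q` parameter name, and all function names are assumptions, and the probe is a constructed, inert marker string. It renders the page both ways and uses a parser-based check that can serve as a regression test.

```python
import html
from html.parser import HTMLParser

# Constructed, inert marker: a quote to break out of an attribute, plus a bold tag.
PROBE = '"><b id=probe>x</b>'

def render_unsafe(query, hits):
    """Results page as the advisory describes it: values echoed with no filtering."""
    items = "".join(f"<li>{h}</li>" for h in hits)
    return (f'<form><input name="q" value="{query}"></form>'
            f"<h2>Results for {query}</h2><ul>{items}</ul>")

def render_safe(query, hits):
    """Same page with every dynamic value HTML-encoded where it is written out."""
    # quote=True also encodes " and ', which the value="..." attribute context needs.
    q = html.escape(query, quote=True)
    items = "".join(f"<li>{html.escape(h, quote=True)}</li>" for h in hits)
    return (f'<form><input name="q" value="{q}"></form>'
            f"<h2>Results for {q}</h2><ul>{items}</ul>")

class _PageInspector(HTMLParser):
    """Parses the page roughly as a browser would and records what it finds."""
    def __init__(self):
        super().__init__()
        self.probe_element = False   # did the marker become a real element?
        self.search_value = None     # what the search box ended up holding

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "b" and attrs.get("id") == "probe":
            self.probe_element = True
        if tag == "input" and attrs.get("name") == "q":
            self.search_value = attrs.get("value")

def inspect(page):
    """Return (probe_became_markup, search_box_value) for a rendered page."""
    parser = _PageInspector()
    parser.feed(page)
    parser.close()
    return parser.probe_element, parser.search_value

if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(name, inspect(render(PROBE, ["Used car, low miles"])))
```

With encoding in place the search box still shows exactly what the user typed, so legitimate queries containing `<`, `&` or quotes keep working.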
