CVE-2009-4939
CVE-2009-4939
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencewww.exploit-db.com/exploits/8818unverifiedexploitdbwww.exploit-db.com/exploits/34389unverifiedexploitdbwww.exploit-db.com/exploits/8818unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.htmlhttp://osvdb.org/54790http://secunia.com/advisories/35262https://exchange.xforce.ibmcloud.com/vulnerabilities/50823https://exchange.xforce.ibmcloud.com/vulnerabilities/50824http://www.exploit-db.com/exploits/8818http://www.securityfocus.com/archive/1/503855/100/0/threadedhttp://www.securityfocus.com/archive/1/503911/100/0/threaded