
Mads v1.0

mAds v1.0

Homepage:
http://lowpricescripts.com/product_info.php?products_id=51

Affected files:

*Searching

-----------------------------------

XSS vuln when searching:
As with the hotbot XSS vuln, the results mAds returns for a search are generated dynamically on the page with no filtering at all. For a PoC, put the following in as your search string:


Screenshots:

http://www.youfucktard.com/xsp/mads1.jpg

I'm sure other vulnerabilities aside from XSS could also be possible due to this.
------------------------------------
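As an added illustration (not code from the advisory or from the mAds product), the unsafe pattern described above, a search string written straight into the results page, beside the output-escaped form, plus a check over constructed access-log lines that a defender could use to spot search requests carrying markup. The parameter name `q`, the page layout and the log lines are assumptions.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed sample inputs; the advisory does not give its PoC string.
HARMLESS_QUERY = "used bikes"
HOSTILE_QUERY = "<script>alert(document.cookie)</script>"

def render_results_unsafe(query: str, hits: list[str]) -> str:
    """The pattern the advisory describes: the search string is written
    into the page with no filtering, so any markup in it is interpreted."""
    items = "".join(f"<li>{h}</li>" for h in hits)
    return f"<h2>Results for: {query}</h2><ul>{items}</ul>"

def render_results_safe(query: str, hits: list[str]) -> str:
    """Same page, but every untrusted value is HTML-escaped at output time
    (quote=True also covers values that end up inside attributes)."""
    def esc(s: str) -> str:
        return html.escape(s, quote=True)
    items = "".join(f"<li>{esc(h)}</li>" for h in hits)
    return f"<h2>Results for: {esc(query)}</h2><ul>{items}</ul>"

def reflects_raw_markup(page: str, query: str) -> bool:
    """True if the query appears verbatim in the page although it holds
    characters that are significant to the HTML parser."""
    return any(c in query for c in "<>\"'") and query in page

def suspicious_search_requests(log_lines: list[str], param: str = "q") -> list[str]:
    """Flag access-log lines (common log format, constructed) whose search
    parameter carries angle brackets; parse_qs percent-decodes, so
    %3Cscript%3E is caught as well as a literal <script>."""
    flagged = []
    for line in log_lines:
        try:
            path = line.split('"')[1].split(" ")[1]   # request target
        except IndexError:
            continue   # malformed line, not a request record
        for value in parse_qs(urlparse(path).query).get(param, []):
            if "<" in value or ">" in value:
                flagged.append(line)
                break
    return flagged

# Constructed log sample: one normal search, one carrying encoded markup.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2006:12:00:00 +0000] "GET /search.php?q=used+bikes HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2006:12:00:01 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 611',
]
```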
