Bug: Yourfreeworld Styleish Text Ads Script ( Ascii Version )

Search:
WLB2

Yourfreeworld Styleish Text Ads Script

Published
Credit
Risk
2006.05.23
luny youfucktard com
Medium
CWE
CVE
Local
Remote
N/A
CVE-2006-2508
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial

Homepage of script

http://www.yourfreeworld.com/script/textads.asp

Stylish Text Ads Script can be one of the most useful tools for any webmaster.

If you own 1 or more websites and want to sell text ads then this tool can be one of the best tool for you.

Effected files:

tr1.php

advertise.php

Exploit:

SQL Injection on tr1.php can shows full path disclosure errors as well as inproper filtering on the forms of
advertise.php that can lead to malicious code injection or XSS.

Example:

http://www.example.com/stylishtextads/tr1.php?id=1'

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version