Yourfreeworld Styleish Text Ads Script

2006.05.23

Credit: luny youfucktard com

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-2508

CWE: CWE-Other

CVSS Base Score: 6.4/10

Impact Subscore: 4.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: Partial

Homepage of script

http://www.yourfreeworld.com/script/textads.asp

Stylish Text Ads Script can be one of the most useful tools for any webmaster.

If you own 1 or more websites and want to sell text ads then this tool can be one of the best tool for you.

Effected files:

tr1.php

advertise.php

Exploit:

SQL Injection on tr1.php can shows full path disclosure errors as well as inproper filtering on the forms of advertise.php that can lead to malicious code injection or XSS.

Example:

http://www.example.com/stylishtextads/tr1.php?id=1'

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Yourfreeworld Styleish Text Ads Script

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Yourfreeworld Styleish Text Ads Script

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.