1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : Joomla com_socialads Persistent Xss Vulnerability
Date : july 3,2010
Critical Level : HIGH
vendor URL :http://techjoomla.com/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
With SocialAds for JomSocial, you can create Facebook like demographically targeted ads to show on Your JomSocial Site. This extension allows advertisers to create their advertisement , Target the users they want to show the advertisement to, Decide if they want to pay by impressions or per click, Pay online & get the advertisement started up right away !
#######################################################################################################
Xploit : Persistent Xss Vulnerability
Step 1: Register :D
Step 2: Goto to the option called "MANAGE YOUR ADS"
Step 3: In the ads description the attacker can post xss scripts
DEMO URL :http://server/js/index.php?option=com_socialads&view=showad&Itemid=94
Attack Pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>
Steap 4: Now check your ads :P
DEMO URL :http://server/js/index.php?option=com_socialads&view=adsummary&Itemid=94&adid=23
###############################################################################################################
# 0day no more
# Sid3^effects
