ADManager 1.1 - Content Manipulation

EDB-ID:

21424

CVE:



Author:

frog

Type:

webapps


Platform:

PHP

Date:

2002-04-17


source: https://www.securityfocus.com/bid/4615/info

Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems.

Access to the 'add.php3' script does not require authentication. It is possible for a remote attacker to manipulate URL parameters of this script and change banner advertisement content.

http://target/add.php3?url=http://www.url.com&adurl=http://URL/img.gif URL/