CVE-2009-4939
Published: 2010-07-22
Priority: P4 · 20 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.93% (77.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| impactsoftcompany | adpeeps | — | — |
No detection rules found.
Exploit-DB
Impact Software AdPeeps - Cross-Site Scripting / HTML Injection
exploitdb·2010-07-27
CVE-2009-4939 Impact Software AdPeeps - Cross-Site Scripting / HTML Injection
---
source: https://www.securityfocus.com/bid/42071/info
Impact Software Ad Peeps is prone to multiple cross-site scripting vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code could run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Ad Peeps 8.5d1 is vulnerable; other versions may also be affected.
http://www.example.com/adpeeps/index.php?uid=">alert(0)
http://www.example.com/adpeeps/index.php?loc=login_lookup&
Exploit-DB
Impact Software AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection
exploitdb·2009-05-27
CVE-2009-4939 Impact Software AdPeeps 8.5d1 - Cross-Site Scripting / HTML Injection
---
AdPeeps Ad Rotator - XSS and HTML Injection Vulnerabilities
Version Affected: 8.5d1 (3-18-09) (newest)
Info: Ad Peeps is a banner rotator and text ad rotator - all in one that
allows you to track, sell and manage banner ads, rich-media/flash ads
and text ads on your website. Built using PHP/MYSQL, Ad Peeps provides
you and your advertisers with highly detailed real-time statistics and
is capable of delivering millions of impressions per day on a typical
shared web server. - Plus, you can try it right now on your website
with our 7 day trial.
Ad Peeps is so versatile that it can even show your text ads Yahoo!
Style or Google AdWords Style. Unlike many other banner ad rotator
programs, Ad Peeps was skillfully desi
No writeups or analysis indexed.
References:
http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html
http://osvdb.org/54790
http://secunia.com/advisories/35262
http://www.exploit-db.com/exploits/8818
http://www.securityfocus.com/archive/1/503855/100/0/threaded
http://www.securityfocus.com/archive/1/503911/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/50823
https://exchange.xforce.ibmcloud.com/vulnerabilities/50824
Published: 2010-07-22