========================================================================
Openads security advisory OPENADS-SA-2007-002

Advisory ID: OPENADS-SA-2007-002
Date: 2007-Jan-25
Security risk: low risk
Applications affetced: Max Media Manager
Versions affected: <= Max Media Manager v0.1.29-rc and v0.3.30-alpha
Versions not affected: >= Max Media Manager v0.3.31-alpha-pr2

========================================================================
Vulnerability: Cross-site scripting

Description

This is the description of the vulnerability recieved by JPCERT:

"We have confirmed that in admin-search.php, scripts included in
'keyword' parameter is shown without proper sanitization thus the
script could be executed.

However a user needs to login the system as administrator, which makes
the exploit technically difficult.

If this vulnerability is exploited, by script execution, a user's
session ID included in HTTP Cookie might be stolen. Also there's a risk
that the contents of phpAdsNew are falsified temporarily."

Note: Max Media Manager is derived from phpAdsNew and was affected by
the same vulnerability. MMM v0.3.30-alpha also has affiliate-search.php
which was vulnerable as well.

References

• JVN#07274813: http://jvn.jp/jp/JVN&#37;2307274813/index.html

Solution

• If you are running v0.3.x, upgrade to v0.3.30-alpha-pr2
• If you are running v0.1.x, a patch is available here:

https://developer.openads.org/changeset/3919?format=zip&amp;new=3919

Contact informations

The security contact for Openads can be reached at:
<security AT openads DOT org>

Best regards

Matteo Beccati
http://www.openads.org
http://phpadsnew.com
http://phppgads.com