'[Full-disclosure] Microsoft AdCenter Service - Cross Site Vulnerabilities'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Microsoft AdCenter Service - Cross Site Vulnerabilities
From:       "research () vulnerability-lab ! com" <research () vulnerability-lab ! com>
Date:       2012-02-27 16:17:46
Message-ID: 4F4BACAA.6060408 () vulnerability-lab ! com
[Download RAW message or body]

Title:
======
Microsoft AdCenter Service  - Cross Site Vulnerabilities


Date:
=====
2012-02-27


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=447

MSRC ID: 12223


VL-ID:
=====
447


Introduction:
=============
Microsoft adCenter (formerly MSN adCenter), is the division of the Microsoft Network (MSN) \
responsible for MSN s  advertising services. Microsoft adCenter provides pay per click \
advertisements. This is a service aimed at people who want to  advertise a product. Microsoft \
also has a (still in beta) service for webmasters who want to monetize on their site: Microsoft \
pubCenter.

Search and display advertising solutions for small businesses and large advertisers and \
agencies on Bing and Yahoo! Search,  MSN, Windows Live, Xbox & Co.

(Copy of the Vendor Website: http://advertising.microsoft.com/home)


Abstract:
=========
The Vulnerability-Lab Team discovered multiple non-persistent cross site scripting \
vulnerabilities on Microsofts AdCenter website application.


Report-Timeline:
================
2012-02-18:	Vendor Notification
2012-02-19:	Vendor Response/Feedback
2012-02-26:	Vendor Fix/Patch 
2012-02-27:	Public or Non-Public Disclosure


Status:
========
Published


Exploitation-Technique:
=======================
Remote


Severity:
=========
Low


Details:
========
A non persistent cross site scripting vulnerability is detected on on Microsofts AdCenter \
website application. The vulnerability allows an remote attacker with required user inter \
action to hijack customer sessions via cross site scripting. Successful exploitation can result \
in account steal, client side phishing or session hijacking.

Vulnerbale Module(s):
                                                                    [+] austra123; media \
brands; tv

Picture(s):
                                                                    ../1.png
                                                                    ../2.png
                                                                    ../3.png


Proof of Concept:
=================
The vulnerabilites can be exploited by remote attackers with high required user inter action. \
For demonstration or reproduce ...

advertising.microsoft.com/austra123%27;alert%28document.cookie%29;a=%27
advertising.microsoft.com/media-brands';alert(document.cookie);a='
advertising.microsoft.com/tv';alert(document.cookie);a='

Reference(s):
advertising.microsoft.com/austra123
advertising.microsoft.com/media-brands
advertising.microsoft.com/tv


Risk:
=====
The security risk of the non persistent cross site scripting vulnerabilities are estimated as \
low(+).


Credits:
========
Vulnerability Research Laboratory - Ucha Gobejishvili (longrifle0x) 



Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. \
Vulnerability-Lab disclaims all warranties,  either expressed or implied, including the \
warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or \
its suppliers are not liable in any case of damage, including direct, indirect, incidental, \
consequential loss of business  profits or special damages, even if Vulnerability-Lab or its \
suppliers have been advised of the possibility of such damages. Some  states do not allow the \
exclusion or limitation of liability for consequential or incidental damages so the foregoing \
limitation  may not apply. Any modified copy or reproduction, including partially usages, of \
this file requires authorization from Vulnerability- Lab. Permission to electronically \
redistribute this alert in its unmodified form is granted. All other rights, including the use \
of  other media, are reserved by Vulnerability-Lab or its suppliers.

    						Copyright © 2012|Vulnerability-Lab

-- 
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic