ADManager 1.1 - Content Manipulation

Author: frog
type: webapps
platform: php
port: 
date_added: 2002-04-17  
date_updated: 2012-09-21  
verified: 1  
codes: OSVDB-86912  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21424.txt  

source: https://www.securityfocus.com/bid/4615/info

Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems.

Access to the 'add.php3' script does not require authentication. It is possible for a remote attacker to manipulate URL parameters of this script and change banner advertisement content.

http://target/add.php3?url=http://www.url.com&adurl=http://URL/img.gif URL/