Rad User Manager Cross Site Scripting

`# Exploit Title: Rad User Manager XSS Vulnerabilities  
# Date: 01.05.2010  
# Author: Valentin  
# Category: webapps/0day  
# Version: 2.90  
# Tested on: Debian Linux, Apache2, PHP5, MySQL5  
# CVE :   
# Code :   
  
  
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]  
>> General Information   
Advisory/Exploit Title = Rad User Manager XSS Vulnerabilities  
Author = Valentin Hoebel  
Contact = [email protected]  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]  
>> Product information  
Name = Rad User Manager  
Vendor = Rad Inks  
Vendor Websites = http://www.radinks.net/, http://www.radinks.com/  
Affected Version(s) = 2.90  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]  
>> #1 Vulnerability  
Type = XSS  
Almost every parameter accepting user input is vulnerable. Examples:  
  
members/login.php?username=[XSS]  
members/signup.php?username=[XSS]  
admin/userdetails.php?userId=[XSS]  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]  
>> Additional Information  
Advisory/Exploit Published = 01.05.2010  
  
When being installed, the Rad User Manager creates two accounts with default  
passwords:  
  
Login: "admin" Password: "radmin"  
Login: "user" Password: "radmin"  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]  
>> Misc  
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!  
<3 packetstormsecurity.org!  
  
  
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]  
`