DMXReady Members Area Manager Cross Site Scripting

2010-09-08T00:00:00
ID PACKETSTORM:93571
Type packetstorm
Reporter L0rd CrusAd3r
Modified 2010-09-08T00:00:00

Description

                                        
                                            `Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]  
Exploit Title: DMXReady Members Area Manager Persistent XSS  
Vendor url:http://www.dmxready.com/  
Version:2  
Price:295$  
Published: 2010-09-06  
GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,  
M4n0j,NoCare,SeeMe, gunslinger, Th3 RDX.  
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)  
Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com  
Shoutzz:- To all ICW & Inj3ct0r members.  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
Description:  
  
DMXReady Members Area Manager allows you to quickly create a whole area of  
your website that is 'members only' so you can control who sees your  
content!  
  
* Plug in automatically into DMXReady CMS or secure any web page on your  
current ASP-enabled website with one line of script  
* Secure newsletter pages, organizational news, photo galleries,  
paid-for content, and any online content you like  
* Unlimited security levels  
* Name your own levels i.e. "Visitor", "Member", "Subscriber", etc.  
* Easy-to-use Control Panel means anyone in the office can adjust  
security settings  
* Members sign up themselves, which means less administration work for  
you  
* Built-in member messaging feature - send to all members or only  
certain groups  
* "Lost Password" feature sends password to members automatically  
* Fully open source so you can customize even further  
* Add in your own custom features  
  
  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
  
Vulnerability:  
  
Persistent XSS :-  
  
Step 1) Login into member or User Section  
  
Link:  
  
http://www.site.com/dmxreadyv2/membersareamanager/membersareamanager.asp?show=login-member  
  
Step 2) Go to Edit profile  
  
XSS Bug present in following  
  
*)Contact Information  
  
Address 2  
  
*)Shipping Address  
  
Address 2  
  
*)Profile Details  
  
Detail  
  
Step 3) Enter your Attack Pattern  
  
Step 4) Refresh and View User profile  
  
Demo Url:-  
http://www.site.com/dmxreadyv2/membersareamanager/membersareamanager.asp?member=&show=member-profile&tab=meta  
  
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~  
  
# 0day n0 m0re #  
# L0rd CrusAd3r #  
  
`