DMXReady Members Area Manager – Persistent Cross-Site Scripting

• Exploit Database
• 31 阅读

• 作者： L0rd CrusAd3r
  日期： 2010-09-06
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/14913/

• Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
  Exploit Title: DMXReady Members Area Manager Persistent XSS
  Vendor url:http://www.dmxready.com/
  Version:2
  Price:295$
  Published: 2010-09-06
  GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
  M4n0j,NoCare,SeeMe, gunslinger, Th3 RDX.
  Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)
  Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com
  Shoutzz:- To all ICW & Inj3ct0r members.
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  Description:
  
  DMXReady Members Area Manager allows you to quickly create a whole area of
  your website that is 'members only' so you can control who sees your
  content!
  
  * Plug in automatically into DMXReady CMS or secure any web page on your
  current ASP-enabled website with one line of script
  * Secure newsletter pages, organizational news, photo galleries,
  paid-for content, and any online content you like
  * Unlimited security levels
  * Name your own levels i.e. "Visitor", "Member", "Subscriber", etc.
  * Easy-to-use Control Panel means anyone in the office can adjust
  security settings
  * Members sign up themselves, which means less administration work for
  you
  * Built-in member messaging feature - send to all members or only
  certain groups
  * "Lost Password" feature sends password to members automatically
  * Fully open source so you can customize even further
  * Add in your own custom features
  
  
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  
  Vulnerability:
  
  Persistent XSS :-
  
  Step 1) Login into member or User Section
  
  Link:
  
  http://www.site.com/dmxreadyv2/membersareamanager/membersareamanager.asp?show=login-member
  
  Step 2) Go to Edit profile
  
  XSS Bug present in following
  
  *)Contact Information
  
  Address 2
  
  *)Shipping Address
  
  Address 2
  
  *)Profile Details
  
  Detail
  
  Step 3) Enter your Attack Pattern
  
  Step 4) Refresh and View User profile
  
  Demo Url:-
  http://www.site.com/dmxreadyv2/membersareamanager/membersareamanager.asp?member=&show=member-profile&tab=meta
  
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  
  # 0day n0 m0re #
  # L0rd CrusAd3r #