DMXReady Members Area Manager - Persistent Cross-Site Scripting

EDB-ID:

14913

CVE:


EDB Verified:

Author:

L0rd CrusAd3r

Type:

webapps

Exploit:   /  

Platform:

ASP

Date:

2010-09-06

Vulnerable App: 
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: DMXReady Members Area Manager Persistent XSS
Vendor url:http://www.dmxready.com/
Version:2
Price:295$
Published: 2010-09-06
GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
M4n0j,NoCare,SeeMe, gunslinger, Th3 RDX.
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)
Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com
Shoutzz:- To all ICW & Inj3ct0r members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

DMXReady Members Area Manager allows you to quickly create a whole area of
your website that is 'members only' so you can control who sees your
content!

    * Plug in automatically into DMXReady CMS or secure any web page on your
current ASP-enabled website with one line of script
    * Secure newsletter pages, organizational news, photo galleries,
paid-for content, and any online content you like
    * Unlimited security levels
    * Name your own levels i.e. "Visitor", "Member", "Subscriber", etc.
    * Easy-to-use Control Panel means anyone in the office can adjust
security settings
    * Members sign up themselves, which means less administration work for
you
    * Built-in member messaging feature - send to all members or only
certain groups
    * "Lost Password" feature sends password to members automatically
    * Fully open source so you can customize even further
    * Add in your own custom features


~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

Persistent XSS :-

Step 1) Login into member or User Section

Link:

http://www.site.com/dmxreadyv2/membersareamanager/membersareamanager.asp?show=login-member

Step 2) Go to Edit profile

XSS Bug present in following

*)Contact Information

Address 2

*)Shipping Address

Address 2

*)Profile Details

Detail

Step 3) Enter your Attack Pattern

Step 4) Refresh and View User profile

Demo Url:-
http://www.site.com/dmxreadyv2/membersareamanager/membersareamanager.asp?member=&show=member-profile&tab=meta

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

# 0day n0 m0re #
# L0rd CrusAd3r #
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services