DMXReady Members Area Manager - Persistent Cross-Site Scripting

EDB-ID:

14913

CVE:





Platform:

ASP

Date:

2010-09-06


Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: DMXReady Members Area Manager Persistent XSS
Vendor url:http://www.dmxready.com/
Version:2
Price:295$
Published: 2010-09-06
GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
M4n0j,NoCare,SeeMe, gunslinger, Th3 RDX.
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)
Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com
Shoutzz:- To all ICW & Inj3ct0r members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

DMXReady Members Area Manager allows you to quickly create a whole area of
your website that is 'members only' so you can control who sees your
content!

    * Plug in automatically into DMXReady CMS or secure any web page on your
current ASP-enabled website with one line of script
    * Secure newsletter pages, organizational news, photo galleries,
paid-for content, and any online content you like
    * Unlimited security levels
    * Name your own levels i.e. "Visitor", "Member", "Subscriber", etc.
    * Easy-to-use Control Panel means anyone in the office can adjust
security settings
    * Members sign up themselves, which means less administration work for
you
    * Built-in member messaging feature - send to all members or only
certain groups
    * "Lost Password" feature sends password to members automatically
    * Fully open source so you can customize even further
    * Add in your own custom features


~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

Persistent XSS :-

Step 1) Login into member or User Section

Link:

http://www.site.com/dmxreadyv2/membersareamanager/membersareamanager.asp?show=login-member

Step 2) Go to Edit profile

XSS Bug present in following

*)Contact Information

Address 2

*)Shipping Address

Address 2

*)Profile Details

Detail

Step 3) Enter your Attack Pattern

Step 4) Refresh and View User profile

Demo Url:-
http://www.site.com/dmxreadyv2/membersareamanager/membersareamanager.asp?member=&show=member-profile&tab=meta

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

# 0day n0 m0re #
# L0rd CrusAd3r #