Plandora suffers from a cross site scripting vulnerability.
94a393a35aa99f1d951dabfc4e6c0c8d3c365f7eb8dede5ec6d9aff0db8d1694
# Exploit Title: Plandora Cross Site Scripting
# Date: 16.02.2012
# Author: Sony
# Software Link: http://plandora.org/
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/plandora-cross-site-scripting.html
..................................................................
What is Plandora?
http://plandora.org/project.htm
We have online demo.
http://plandora.org/online.htm
Our XSS in the Options-->Resource Options-->URL..
Put XSS code in the URL, Save Changes and open page:
http://www.plandora.org/pandora/do/login?operation=resolveForward
We can see Persistent XSS.
http://3.bp.blogspot.com/-3EFK2T7hz7M/Tz2KcXbm1rI/AAAAAAAAAgA/wdZcpSvN2tc/s1600/plandora.JPG
http://4.bp.blogspot.com/-u3j1uQjHS1M/Tz2KfjbON9I/AAAAAAAAAgM/xMEPO42qXRI/s1600/plan2.JPG