Exploit the possiblities

Calendar Script E.M.M.A 1.2 Cross Site Scripting

Calendar Script E.M.M.A 1.2 Cross Site Scripting
Posted Jan 14, 2013
Authored by Viknesvaran Sittaramane

Calendar Script Easy Membership Management Application version 1.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9281efedabc132f8f7cc04d38c499e9d

Calendar Script E.M.M.A 1.2 Cross Site Scripting

Change Mirror Download
Advisory:Calendar Script Easy Membership Management Application(E.M.M.A) Persistent XSS Vulnerability
Version:1.2
Vendor URL: http://calendarscripts.info/emma/
Demo Link: http://demo.pimteam.net/emma/admin.php

Author: Viknesvaran Sittaramane
Category: Webapp
Twiiter: https://twitter.com/csvsn

~.~.~.~.~.~.~.~.~.~.~.
Product Description
~.~.~.~.~.~.~.~.~.~.~.

E.M.M.A. Is Easy Membership Management Application

Features:
Create different subscription plans
Select subscription plan for every content
Upload protected pages, images and downloadable files
Your users can renew or upgrade their subscriptions any time
~.~.~.~.~.~.~.~.~.~.~.
Vulnerability Description
~.~.~.~.~.~.~.~.~.~.~.

E.M.M.A multiple fields suffers from Persistent XSS Vulnerability

~.~.~.~.~.~.
PoC-Exploit
~.~.~.~.~.~.

----------------------
Front End of E.M.M.A :
----------------------
Step1: Go to the Registration form

Registration Demo url : http://demo.pimteam.net/emma/index.php?action=register

Step2: On the fields Name, Address, Buiness name,Tel, Mob, Test Field, Association enter the malicious script then SIGN UP

Step3: Login using the registered email and password -> Go to Edit Profile -> Pop Up Appears

Step4: Persistant XSS Confirmed

Parameter used : '"--><script>alert(0x000872)</script>

Screenshot: http://i47.tinypic.com/wvve4o.png

--------------------------------
Administrator Panel of E.M.M.A :
--------------------------------
Demo URL for E.M.M.A Administrator Panel : http://demo.pimteam.net/emma/admin.php?1358152765

Step1: Login to E.M.M.A

Step2:Under Manage users Tab (Manage users)
a.Edit any Username and replace username with a malicious script and Save it (Same goes to Create new user)
b. A Pop up appears -> Persistent XSS

Step3:Under Manage Site Tab (Content Categories)
a.Under name field insert a malicious script and Save it (Add Category)
b. A Pop up appears -> Persistent XSS

Step4:Under Manage Site Tab (Manage Contents->Click here to Upload Contents)
a.Content/page title and description field insert a malicious script and Save it (Add Plan)
b. A Pop up appears -> Persistent XSS


Step5:Under Manage Site Tab (Subscription Plans)
a.Under Plane name field insert a malicious script and Save it
b. A Pop up appears -> Persistent XSS


Parameter used : '"--><script>alert(0x000872)</script>
~.~.~.~.~.~.~.~.~.~.
Disclosure Timeline
~.~.~.~.~.~.~.~.~.~.

14th January 2013 -> Vendor Notified



Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close