accept no compromises

Calendar Script E.M.M.A 1.2 Cross Site Scripting

Calendar Script E.M.M.A 1.2 Cross Site Scripting
Posted Jan 14, 2013
Authored by Viknesvaran Sittaramane

Calendar Script Easy Membership Management Application version 1.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9281efedabc132f8f7cc04d38c499e9d

Calendar Script E.M.M.A 1.2 Cross Site Scripting

Change Mirror Download
Advisory:Calendar Script Easy Membership Management Application(E.M.M.A) Persistent XSS Vulnerability
Version:1.2
Vendor URL: http://calendarscripts.info/emma/
Demo Link: http://demo.pimteam.net/emma/admin.php

Author: Viknesvaran Sittaramane
Category: Webapp
Twiiter: https://twitter.com/csvsn

~.~.~.~.~.~.~.~.~.~.~.
Product Description
~.~.~.~.~.~.~.~.~.~.~.

E.M.M.A. Is Easy Membership Management Application

Features:
Create different subscription plans
Select subscription plan for every content
Upload protected pages, images and downloadable files
Your users can renew or upgrade their subscriptions any time
~.~.~.~.~.~.~.~.~.~.~.
Vulnerability Description
~.~.~.~.~.~.~.~.~.~.~.

E.M.M.A multiple fields suffers from Persistent XSS Vulnerability

~.~.~.~.~.~.
PoC-Exploit
~.~.~.~.~.~.

----------------------
Front End of E.M.M.A :
----------------------
Step1: Go to the Registration form

Registration Demo url : http://demo.pimteam.net/emma/index.php?action=register

Step2: On the fields Name, Address, Buiness name,Tel, Mob, Test Field, Association enter the malicious script then SIGN UP

Step3: Login using the registered email and password -> Go to Edit Profile -> Pop Up Appears

Step4: Persistant XSS Confirmed

Parameter used : '"--><script>alert(0x000872)</script>

Screenshot: http://i47.tinypic.com/wvve4o.png

--------------------------------
Administrator Panel of E.M.M.A :
--------------------------------
Demo URL for E.M.M.A Administrator Panel : http://demo.pimteam.net/emma/admin.php?1358152765

Step1: Login to E.M.M.A

Step2:Under Manage users Tab (Manage users)
a.Edit any Username and replace username with a malicious script and Save it (Same goes to Create new user)
b. A Pop up appears -> Persistent XSS

Step3:Under Manage Site Tab (Content Categories)
a.Under name field insert a malicious script and Save it (Add Category)
b. A Pop up appears -> Persistent XSS

Step4:Under Manage Site Tab (Manage Contents->Click here to Upload Contents)
a.Content/page title and description field insert a malicious script and Save it (Add Plan)
b. A Pop up appears -> Persistent XSS


Step5:Under Manage Site Tab (Subscription Plans)
a.Under Plane name field insert a malicious script and Save it
b. A Pop up appears -> Persistent XSS


Parameter used : '"--><script>alert(0x000872)</script>
~.~.~.~.~.~.~.~.~.~.
Disclosure Timeline
~.~.~.~.~.~.~.~.~.~.

14th January 2013 -> Vendor Notified



Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close