Rad User Manager version 2.90 suffers from a cross site scripting vulnerability.
30e754dc077e39aec75701c91e64f87ad0d24d9f48ac2d430efc32eab3056748
# Exploit Title: Rad User Manager XSS Vulnerabilities
# Date: 01.05.2010
# Author: Valentin
# Category: webapps/0day
# Version: 2.90
# Tested on: Debian Linux, Apache2, PHP5, MySQL5
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Rad User Manager XSS Vulnerabilities
Author = Valentin Hoebel
Contact = valentin@xenuser.org
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = Rad User Manager
Vendor = Rad Inks
Vendor Websites = http://www.radinks.net/, http://www.radinks.com/
Affected Version(s) = 2.90
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
Type = XSS
Almost every parameter accepting user input is vulnerable. Examples:
members/login.php?username=[XSS]
members/signup.php?username=[XSS]
admin/userdetails.php?userId=[XSS]
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 01.05.2010
When being installed, the Rad User Manager creates two accounts with default
passwords:
Login: "admin" Password: "radmin"
Login: "user" Password: "radmin"
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
<3 packetstormsecurity.org!
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]