Advisory: Calendar Script Easy Membership Management Application (E.M.M.A) Persistent XSS Vulnerability
Version: 1.2
Vendor URL: http://calendarscripts.info/emma/
Demo Link: http://demo.pimteam.net/emma/admin.php
Author: Viknesvaran Sittaramane
Category: Webapp
Twitter: https://twitter.com/csvsn

~.~.~.~.~.~.~.~.~.~.~.
Product Description
~.~.~.~.~.~.~.~.~.~.~.

E.M.M.A. is the Easy Membership Management Application.

Features:
Create different subscription plans
Select subscription plan for every content
Upload protected pages, images and downloadable files
Your users can renew or upgrade their subscriptions any time

~.~.~.~.~.~.~.~.~.~.~.
Vulnerability Description
~.~.~.~.~.~.~.~.~.~.~.

Multiple fields in E.M.M.A suffer from a persistent XSS vulnerability.

~.~.~.~.~.~.
PoC-Exploit
~.~.~.~.~.~.

----------------------
Front End of E.M.M.A :
----------------------

Step 1: Go to the registration form.
        Registration demo URL: http://demo.pimteam.net/emma/index.php?action=register
Step 2: In the fields Name, Address, Business name, Tel, Mob, Test Field and Association, enter the malicious script, then SIGN UP.
Step 3: Log in using the registered email and password -> Go to Edit Profile -> Pop up appears.
Step 4: Persistent XSS confirmed.

Parameter used : '"-->
Screenshot: http://i47.tinypic.com/wvve4o.png

--------------------------------
Administrator Panel of E.M.M.A :
--------------------------------

Demo URL for E.M.M.A Administrator Panel: http://demo.pimteam.net/emma/admin.php?1358152765

Step 1: Log in to E.M.M.A.
Step 2: Under the Manage users tab (Manage users)
        a. Edit any username, replace the username with a malicious script and save it (the same goes for Create new user).
        b. A pop up appears -> Persistent XSS
Step 3: Under the Manage Site tab (Content Categories)
        a. In the name field, insert a malicious script and save it (Add Category).
        b. A pop up appears -> Persistent XSS
Step 4: Under the Manage Site tab (Manage Contents -> Click here to Upload Contents)
        a. In the Content/page title and description fields, insert a malicious script and save it (Add Plan).
        b. A pop up appears -> Persistent XSS
Step 5: Under the Manage Site tab (Subscription Plans)
        a. In the Plan name field, insert a malicious script and save it.
        b. A pop up appears -> Persistent XSS

Parameter used : '"-->

~.~.~.~.~.~.~.~.~.~.
Disclosure Timeline
~.~.~.~.~.~.~.~.~.~.

14th January 2013 -> Vendor Notified
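
A mitigation sketch for the stored fields listed in the PoC, as an added example that is not part of the original advisory or the vendor's code: it renders a stored profile value into a form field with and without output encoding, using the `'"-->` break-out prefix from the advisory. The function names, field keys and sample record are hypothetical and constructed for illustration; E.M.M.A's actual templates are not shown on this page.

```php
<?php
declare(strict_types=1);

// Encode a stored value for HTML text and quoted-attribute contexts.
// ENT_QUOTES covers both ' and ", which the advisory's prefix relies on.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored value is concatenated into the attribute unencoded,
// so a quote in the database ends the attribute and the rest becomes markup.
function renderFieldUnsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// After: every dynamic part is encoded at output time, regardless of
// which form (registration, admin panel) originally stored it.
function renderFieldSafe(string $name, string $value): string
{
    return '<input type="text" name="' . e($name) . '" value="' . e($value) . '">';
}

// Constructed profile row (hypothetical keys). The first value starts with
// the advisory's break-out prefix followed by a harmless marker tag; the
// third is a legitimate value that also contains quotes and an ampersand.
$profile = [
    'name'          => '\'"--><b>constructed marker</b>',
    'address'       => '12 Example Street',
    'business_name' => 'O\'Neil & Sons "Ltd"',
];

foreach ($profile as $field => $stored) {
    echo 'unsafe: ', renderFieldUnsafe($field, $stored), PHP_EOL;
    echo 'safe:   ', renderFieldSafe($field, $stored), PHP_EOL;
}
```

Encoding at output rather than stripping at input keeps legitimate values such as the business name intact while covering records that were stored before the fix.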