%+
$.......#........4.........|).......0............\/\/ %+
%+
%+
%++++++++++++++++++++++++++++++++++++++++
# Exploit Title: PG Newsletter persistent XSS vulnerability
# Vendor: demo.newsletter.pro
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D
# My Blog: http://www.shadowrootkit.wordpress.com
# Google Dork: © 2010 PilotGroup.NET Powered
by PG Newsletter Software - email marketing
software
****************************************************************************************************************************************************************************************
Persistent XSS Vulnerability
********************************
{DEMO} : demo.newsletter.pro/forms/index.php?sel=edit
EXPLOIT: ">>
Observe: login to the admin panel(demo).Inject this script in a create form
page, i.e, (DEMO) in formname field or thankyoupageURL field
Now observe: demo.newsletter.pro/forms/index.php
*****************************************************************************************************************************************************************************************
sp3c14l Thanks to s1d3 effects and my friends@!3.14--
*****************************************************************************************************************************************************************************************