# Exploit Title: LibAnalytics Springshare Cross Site Scripting
# Date: 6.02.2012
# Author: Sony
# Software Link: http://springshare.com/libanalytics/
# Web Browser: Mozilla Firefox
# Blog: http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/02/libanalytics-springshare-cross-site.html

..................................................................

Well, we have an XSS in login.php [Email].

Our XSS code: http://codepad.org/LqL68vIQ

Demo: https://libanalytics.com/login.php?iid=1

http://4.bp.blogspot.com/-ePC-0-sNf3w/TzAIyKXliNI/AAAAAAAAAa8/nBT7z8kPV2Y/s1600/an.JPG

Also, we can see who uses LibAnalytics:

https://libanalytics.com/login.php?iid=1
https://libanalytics.com/login.php?iid=2
https://libanalytics.com/login.php?iid=3
https://libanalytics.com/login.php?iid=4
..
https://libanalytics.com/login.php?iid=100
https://libanalytics.com/login.php?iid=103

etc.

..................................................................

InSecurity.Ro
Because we care, we're security aware!