Shopping.com API Cross Site Scripting

2013-02-17T00:00:00
ID PACKETSTORM:120355
Type packetstorm
Reporter 3spi0n
Modified 2013-02-17T00:00:00

Description

                                        
                                            `##################################################################################  
Shopping.com API V3 PHP Script, XSS Vulnerabilities  
Software Page: http://en.clicsell.com/script-shopping-v3.html  
Product Page: http://www.hotscripts.com/listing/shopping-com-api-v3-php-script/  
Script Demo: http://en.clicsell.com/  
  
Author(Pentester): 3spi0n  
On Social: Twitter.Com/eyyamgudeer  
Greetz: Grayhats Inc. and Janissaries Platform.  
##################################################################################  
  
[~] XSS on Demo Site (Search Box)  
  
>>> http://i.imgur.com/dIjfayE.png (XSS found)  
>>> To reproduce, open the demo site and enter the following XSS code into the search box:  
>>> <script>alert('XSS')</script>  
`
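
The search-box reflection reported above comes down to a search term written into the results page without output encoding. The following is an added example, not code from the Shopping.com API V3 script or from the advisory author: it shows a hypothetical results renderer in its vulnerable form beside a hardened one. The function names, the parameter name "q" and the markup are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical search-results renderer (illustration only; the real script's
// code is not shown in the advisory). The parameter name "q" is an assumption.

/** Vulnerable form: the search term is reflected into the HTML unchanged. */
function render_results_unsafe(string $term): string
{
    return '<h2>Results for ' . $term . '</h2>';
}

/** Hardened form: bound the input, then encode for the HTML context on output. */
function render_results_safe(string $term): string
{
    // Limit the length and drop ASCII control bytes; multi-byte UTF-8 is untouched.
    $term = substr($term, 0, 100);
    $term = preg_replace('/[\x00-\x1F\x7F]/', '', $term) ?? '';

    // ENT_QUOTES covers both quote styles, so the same value is safe inside a
    // quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    return '<h2>Results for ' . $encoded . '</h2>'
         . '<input type="text" name="q" value="' . $encoded . '">';
}

// Constructed sample input: the test string quoted in the advisory.
// In a web request this would come from $_GET['q'] ?? ''.
$term = "<script>alert('XSS')</script>";

// Defence in depth when served over HTTP: a Content-Security-Policy that
// blocks inline script even if an encoding call is missed somewhere.
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

echo render_results_unsafe($term), PHP_EOL; // markup reaches the page as a live element
echo render_results_safe($term), PHP_EOL;   // markup is rendered as inert text
```

Encoding belongs at the point of output and must match the context; a value placed inside a script block or a URL needs a different encoder than htmlspecialchars.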