HAM3D Shop Engine CMS Cross Site Scripting

2014-06-11T00:00:00
ID PACKETSTORM:127050
Type packetstorm
Reporter Medrik
Modified 2014-06-11T00:00:00

Description

                                        
                                            ` [+] Exploit Title : HAM3D Shop Engine CMS XSS Vulnerability  
[+] Discovered By : Medrik  
[+] Vendor Home-Page : http://ham3d.net/  
[+] Tested On : Windows  
  
Note : Another XSS Vuln Discovered By IeDb .   
  
############################  
  
This Is an XSS Vulnerability In HAM3D CMS.  
  
[~] Locate :  
  
http://vulnerable_host/rating/rating.php?ID=[XSS]  
  
[~] Image : http://i.imgur.com/W7AWoMo.png  
  
############################  
  
Demo :  
  
http://www.hamonkala.com/rating/rating.php?ID=[XSS]  
http://maktabevahy.ir/rating/rating.php?ID=[XSS]  
http://www.hormand.com/rating/rating.php?ID=[XSS]  
  
############################  
  
Spc Tnx : Beni_Vanda , BlacK.KinG , Dr.3v1l , 8ThBiT , M.R.S.CO , Unline , 0x0ptim0us   
  
  
./2014 , Grey Hat Boys ...  
`
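
Added example (not part of the original advisory, and not HAM3D code): a log check defenders can run to find requests to the `rating/rating.php` endpoint whose `ID` parameter carries HTML markup after URL decoding. The combined access-log format, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter taken from the advisory.
TARGET_PATH = "/rating/rating.php"
TARGET_PARAM = "ID"

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to break out of HTML text or an attribute value.
MARKUP_RE = re.compile(r'[<>"\'`]')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Jun/2014:10:00:01 +0000] "GET /rating/rating.php?ID=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [11/Jun/2014:10:00:07 +0000] "GET /rating/rating.php?ID=%22%3E%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [11/Jun/2014:10:00:09 +0000] "GET /rating/rating.php?ID=%253Cb%253E HTTP/1.1" 200 530',
    '203.0.113.7 - - [11/Jun/2014:10:00:12 +0000] "GET /index.php?ID=%3Cb%3E HTTP/1.1" 200 900',
]


def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_id_values(log_line):
    """Return decoded ID values of a rating.php request that contain markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # The advisory was tested on Windows, so compare the path case-insensitively.
    if not url.path.lower().endswith(TARGET_PATH):
        return []
    values = parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, [])
    decoded = [decode_fully(v) for v in values]
    return [v for v in decoded if MARKUP_RE.search(v)]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for value in suspicious_id_values(line):
            print("markup in ID:", repr(value))
```

Hits from this check show which hosts were probed and when; the fix itself belongs in `rating.php`, which should validate `ID` and HTML-encode it on output.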