Avsarsoft Matbaa Script Cross Site Scripting / Shell Upload

`#Title : Avsarsoft Matbaa Script - Multiple Vulnerabilities  
#Author : ZoRLu / [email protected]  
#Website : milw00rm.com / milw00rm.net / milw00rm.org  
#Twitter : https://twitter.com/milw00rm or @milw00rm  
#Test : Windows7 Ultimate  
#Discovery : 15/04/15  
#Publish : 23/04/15  
#Thks : exploit-db.com, packetstormsecurity.com, securityfocus.com, sebug.net, cxsecurity.com and others  
#BkiAdam : Dr.Ly0n, KnocKout, LifeSteaLeR, Nicx  
#Demo : http://avsarsoft.com/matbaa/  
#Demo User : [email protected]  
#Demo Pass : 123456  
  
1) Remote File Upload Vulnerability  
  
you go here:  
  
localhost/path/index.php?Git=KartvizitTasarla  
  
localhost/path//index.php?Git=BrosurTasarla  
  
localhost/path/index.php?Git=DavetiyeTasarla  
  
after click to "Resim Ekle"  
  
select your php file and wait for upload  
  
after go here for you php file  
  
localhost/path/upload/file.php  
  
1) Multiple XSS Vulnerabilities  
  
register to site   
  
localhost/path/index.php?Git=UyeOl  
  
after login  
  
localhost/path/index.php?Git=Uyelik  
  
after go here and add your xss code  
  
localhost/path/index.php?Git=KontrolPaneli&Sayfa=KisiselBilgilerim  
  
localhost/path/index.php?Git=KontrolPaneli&Sayfa=AdresBilgilerim  
  
localhost/path/index.php?Git=KontrolPaneli&Sayfa=Yorumlar  
`