%+ $.......#........4.........|)........0............\/\/ %+
%++++++++++++++++++++++++++++++++++++++++

# Exploit Title: DomainShopScript persistent XSS vulnerability
# Vendor: www.domainshopscript.com
# Date: 1st July, 2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (karthikaryabhat@gmail.com)
# Google Dork: © Copyright 2006 Domain Shop Script

**************************************************
BRIEF DESCRIPTION
**************************************************

DSS is a script based on PHP and MySQL which allows for the listing and sale of domain names, a growing commodity on the internet and beyond. Although DSS is meant for advanced users and resellers, it can also be used by those who only have a few domains to sell. DSS is easy to use, completely customizable, and gives customers an easy and interactive interface to work with.

Features of DomainShopScript:
- Complete control of all domain-related tasks within one consolidated administrative panel.
- Ability to group domains by category.
- Search ability available to users.
- 'Contact Us' script built in.
- Ability to receive offers, as well as accept them, reject them, or counter them.
- Ability to allow purchases for a set price.
- Full domain details available on domain information page.
- Completely customizable user interface.
- Ability to store user information and utilize a username and password.

**************************************************
Persistent XSS Vulnerability
**************************************************

{DEMO} : target/demo/index.php
EXPLOIT: >>

$#4d0\/\/

Observe: A persistent cross-site scripting vulnerability in DomainShopScript can be exploited to execute arbitrary JavaScript.

**************************************************
sp3c14l Thanks to s1d3 effects and my friends@!3.14--
**************************************************