ARASTAR Portal System (search.php) XSS Vulnerability

Software        : ARASTAR
Date            : 1/13/2012
Vendor          : http://www.ara-star.com
Get App.        : http://www.ara-star.com/sale.php?sale=3
Price           : $480
Dork            : site:*.il intext:"powered by ARASTAR"
Author          : ITTIHACK
Home            : http://ittihack.com
Vulnerable File : Search.php

Exploit :
Use the dork above to find yours, go to the home page and post XSS code in the (( search box )).
Note: do not post it in the URL above, just in the search box.

Examples :

Found By ITTIHACK

Demo Sites:
http://radio.ara-star.com <-- Supporter
http://aljalel.co.il
http://alwan.co.il

#Greetz to: Reinie
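
Mitigation sketch: the fix for this class of bug is to encode the search term at the point where it is written back into the results page. The PHP below is an added example, not ARASTAR's code and not part of the original advisory; the field name q, the function names and the markup are assumptions, and the input is a constructed harmless marker.

```php
<?php
// Added illustration: hypothetical stand-in for a search results page.
// Not ARASTAR code; the field name "q" and the markup are assumptions.
declare(strict_types=1);

/** Encode untrusted text for an HTML body or a quoted attribute value. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the submitted term is echoed into the page unchanged. */
function render_results_unsafe(string $term): string
{
    return '<p>Results for: ' . $term . '</p>'
         . '<input type="text" name="q" value="' . $term . '">';
}

/** Hardened pattern: same markup, with the term encoded at output time. */
function render_results_safe(string $term): string
{
    return '<p>Results for: ' . h($term) . '</p>'
         . '<input type="text" name="q" value="' . h($term) . '">';
}

// Constructed sample input: a harmless marker built from the characters
// that break out of an attribute value and open a new tag.
$term = '"><b id=marker>x</b>';

header('Content-Type: text/html; charset=UTF-8');
// Defence in depth: refuse inline script even if an encoding call is missed.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

// In the unsafe output the marker becomes a real <b> element; in the safe
// output it appears as literal text (&quot;&gt;&lt;b id=marker&gt;...).
echo "unsafe: ", render_results_unsafe($term), "\n";
echo "safe:   ", render_results_safe($term), "\n";
```

Encoding is applied on output rather than by filtering the submitted value, so the fix holds whether the term arrives from the search form or from any other request parameter.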