DomainShopScript cross site Scripting Vulnerability

Disclaimer: Author is not responsible for any misuse of this thread.
It is for educational purpose only.

%+         $…….#……..4………|)……..0…………\/\/       %+

                                              %+                                                                                                                 %+
%++++++++++++++++++++++++++++++++++++++++# Exploit Title: DomainShopScript XSS vulnerability
# Date: 1st july,2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D
#Google Dork: © Copyright 2006 Domain Shop Script*****************************************************************************************************************************************************************************************
*****************************DSS is a script based on PHP and MySQL which allows for the listing and sale of domain names, a growing commodity on the internet and beyond. Although DSS is meant for advanced users and resellers, it can also be used by those who only have a few domains to sell. DSS is easy to use, completely customizeable, and gives customers an easy and interactive interface to work with. Features of DomainShopScript: -Complete control of all domain-related tasks within one consolidated administrative panel. -Ability to group domains by category. -Search ability available to users. -‘Contact Us’ script built in. -Ability to receive offers, as well as accept them, reject them, or counter them. -Ability to allow purchases for a set price. -Full domain details available on domain information page. -Completely customizable user interface. -Ability to store user information and utilize a username and password.


Persistent XSS Vulnerability
{DEMO} : target/demo/index.php

EXPLOIT: >><marquee><h1>$#4d0\/\/</h1><marquee>

Observe: A persistent cross-site scripting vulnerability in DomainShopScript can be exploited to execute arbitrary JavaScript.

sp3c14l Thanks to s1d3 effects and my friends@!3.14–


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: