# Exploit Title :----------------- : Oneblog v2.0 - (posts_new.php) - Stored XSS

# Author :------------------------ : Nassim Asrir

# Author Company :------------------------ : HenceForth

# Author Email :------------------------ : wassline@gmail.com

# Google Dork :---------------- :  -

# Date :-------------------------- : 17/10/2016

# Type :-------------------------- : webapps

# Platform : -------------------- :  PHP  

# Software link : -------------- : http://wmscripti.com/php-scriptler/oneblog-blog-scripti.html

############################ Stored XSS Vulnerabilty ############################

 ## Code ##

}else{  
         $message = $_POST['message'];  
         }  
if($title && $name && $message) {  

  $query = "INSERT INTO blog (title, author, post, date) VALUES ('$title', '$name', '$message', NOW())";  

  $result = mysql_query($query);  

    ## Proc ##

- As you see the parameter ($message) is not protected using (html_entity_decode OR strip_tags).

- To test it . go to Admin panel . "http://yoursite/admin/posts_new.php" and create in the Message box:  "><script>alert(1);</script>.

- and go to home page and you can see the alert and when any visitor visit your site he see the alert.