CodoForum 3.4 - Persistent Cross-Site Scripting

Author: Ahmed Sherif
type: webapps
platform: php
port: 80.0
date_added: 2016-06-27 
date_updated: 2016-07-07 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url: http://www.exploit-db.com/screenshots/idlt40500/screen-shot-2016-07-07-at-44850-pm.png 
application_url: http://www.exploit-db.comcodoforum.v.3.4.build-19.zip

# Exploit Title: Codoforum v3.4 Stored Cross-Site Scripting (Stored XSS)
# Google Dork: intext:"powered by codoforum"
# Date: 01/06/2016
# Exploit Author: Ahmed Sherif (OffensiveBits)
# Vendor Homepage: http://codologic.com/page/
# Software Link: http://codoforum.com/index.php
# Version: V3.4
# Tested on: Linux Mint


1. Description:

The Reply and search functionalities are both vulnerable to Stored XSS due
to improper filtration in displaying the content of replies.


2. Steps to reproduce the vulnerability:


1. Login to your account.
2. look for any topic and add a reply .
3. in the reply textbox add a widely used common keyword within xss
payload for example : (keyword"><svg/onload=prompt(document.cookie)>)
4. while any user surfing the topic and started to search for specific
keywords the javascript code will be executed.



3. Solution:

The new version of codoforum will be released this week.