Cross-Site Scripting Vulnerability in phpSocial aka phpDolphin Social Network Script [CVE-2017-10801]
Mohamed A. Baset


[-] Product Description:
phpSocial is a social network platform similar to Facebook, allowing users to interact with each other by live chatting, sending messages, commenting, liking, sharing photos and life events, and much more.

[-] Vulnerability Type:
Reflected Cross-Site Scripting

[-] Impact and more info:

[-] Version affected:
phpSocial / phpDolphin < (3.0.1)

[-] Vulnerable Request Type:

[-] Vulnerable Module/Parameter/Path:

[-] Payload used:
"><img src="x" onerror="alert(document.domain)">

[-] Proof of Concept URL:
InstallationDomain/search/tag/"><img src="x" onerror="alert(document.domain)">

[-] Proof of concept Video:

[-] Fix Suggestion:
Filter and sanitize all user-supplied input, and HTML-encode it for the context in which it is reflected into the page.
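The following is an added example, not phpSocial's own code, showing the defect behind the payload and proof-of-concept URL above beside the fix suggested here. The function names, the `/search/tag/<value>` routing and the `<input>` markup are assumptions; the point is that the tag value is reflected into an HTML attribute and must be encoded for that context before output.

```php
<?php
// Added example (not phpSocial's code): a hypothetical search/tag handler
// showing the unsafe reflection beside the hardened form. The function names
// and the /search/tag/<value> route are assumptions for illustration.

declare(strict_types=1);

// Constructed input: the payload from the advisory as it would arrive in the path.
const SAMPLE_TAG = '"><img src="x" onerror="alert(document.domain)">';

/**
 * Vulnerable pattern: the tag taken from the URL is concatenated straight into
 * HTML. The leading " in the payload closes the value attribute, the > closes
 * the <input> element, and the browser then renders the injected <img>.
 */
function renderTagHeaderUnsafe(string $tag): string
{
    return '<input type="text" name="q" value="' . $tag . '">';
}

/**
 * Hardened pattern: HTML-encode the value for the context it is placed in.
 * ENT_QUOTES encodes both ' and " (required inside attributes) and
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 */
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderTagHeaderSafe(string $tag): string
{
    return '<input type="text" name="q" value="' . encodeForHtml($tag) . '">';
}

/**
 * Extract the tag from a request path like /search/tag/<value>, URL-decoding it
 * the way the web server and PHP would before it reaches the template.
 */
function tagFromPath(string $path): ?string
{
    if (preg_match('#^/search/tag/(.*)$#', $path, $m) !== 1) {
        return null;
    }
    return rawurldecode($m[1]);
}

/** Minimal self-check helper (PHP 7.1 compatible, no str_contains needed). */
function expect(bool $condition, string $message): void
{
    if (!$condition) {
        throw new RuntimeException('check failed: ' . $message);
    }
}

$tag    = tagFromPath('/search/tag/' . rawurlencode(SAMPLE_TAG));
$unsafe = renderTagHeaderUnsafe($tag);
$safe   = renderTagHeaderSafe($tag);

// The unsafe rendering contains a live <img> element; the encoded one does not.
expect(strpos($unsafe, '<img') !== false, 'unsafe output reflects the tag verbatim');
expect(strpos($safe, '<img') === false, 'safe output must not contain a raw <img');
expect(strpos($safe, '&lt;img') !== false, 'safe output must contain the encoded form');
expect(strpos($safe, '&quot;&gt;') !== false, 'quotes and > must be encoded in the attribute');

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";
```

Run it with `php example.php`; it prints both renderings and throws if the encoded output still carries a raw `<img`. The same `encodeForHtml()` call belongs at every point where the tag (or any other request-derived value) is written into HTML; encoding at output time, per context, is what closes the reflected XSS rather than input filtering alone.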

[-] Product Changelog:
3.0.1 – 2 July 2017
Improved support for PHP 7.1+
Improved character encoding support
Fixed permalinks for combined search filters
Fixed a security fix regression
Other minor improvements

[-] Product URL(s):

[-] Disclaimer:
This bug is subject to the Seekurity SAS de C.V. responsible disclosure rules, which set a 90-day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug details will become visible to the public through our official communication channels.


