كيف يمكن الحصول علي موقع مصاب بثغرهxss

ممكن بس تشرح لي الموجود بالثغره وكيفيه الاستغلال هتعبك معايا شويه بس اتحملني

------------------------------------------------------------------------------- 0 | | | | | | TM 1 _______ _ __ ___ ______| |__ __ _ ___| | _____ _ __ _ __ ___| |_ 0 |_ / _ \| '_ \ / _ \______| '_ \ / _` |/ __| |/ / _ \ '__| '_ \ / _ \ __| 1 / / (_) | | | | __/ | | | | (_| | (__| < __/ | _| | | | __/ |_ 0 /___\___/|_| |_|\___| |_| |_|\__,_|\___|_|\_\___|_|(_)_| |_|\___|\__| 1 0xPrivate 0xSecurity 0xTeam 0 ++++++++++++++++++++++++++++++++++++++++++++++++++ ++ 1 A Placec Of 0days ------------------------------------------------------------------------------ ^ exploit title: PhpBB2 Module "Custom Mass PM" Cross Site Scripting Vulnerability ^ Author : Silic0n (science_media017[At]yahoo.com) ^ MOD Title: Custom mass PM ^ MOD Description: Add mass PM functionnality to group members (or all forums members) for authorized users. Add the possibility for all users to send ordinary PM to multiple users (usernames separated by a semi-colon) ^ MOD Version: 1.4.7 ^ exploit Release: 8/27/2011 ^ Vulnearble script: privmsg.php -------------------- ^ Payload -------------------- 0x1 : Goto forum_script/Privmsg.php 0x2 : Username Input Box write Malicious JS eg :***************(********.******)</script> -------------------- ^ Vulnearble code -------------------- $to_username_array = explode (";", $HTTP_POST_VARS['username']); -------------------- Fix : -------------------- $to_username = phpbb_clean_username($HTTP_POST_VARS['username']); $to_username_array = explode (";", $to_username); Special Thnanks To mafi, Gaurav_raj420 , Exidous , Mr 52 (7) , Dalsim , Zetra , root4o , D4rk, Danzel, messsy , Thor ,abronsius ,Nova , jaya ,@ry@n ,entr0py, -[SiLeNtp0is0n]- ,Ne0_Hacker, InX_R00t,DODo(:P) All ZH , DK & G4H members ------------ ^ Site ------------ www.igniteds.net (ConsoleFx) # 1337day.com [2011-08-27]