TUCoPS :: Web :: PHP :: b06-3416.htm

Php-Fusion (Xss) With Avatar Upload
Php-Fusion (Xss) With Avatar Upload
Php-Fusion (Xss) With Avatar Upload


Hi;=0D
=0D
===================0D
http://php-fusion.co.uk/=0D 
===================0D
=0D
Php-Fusion (Xss) With Avatar Upload...=0D
=0D
With This Vulnerability, You Are able To Become Any User Who Uses a Browser That=0D
"internet Explorer"(Support Cross Site Scripting), So it is Possible To Become Admin.=0D
Firefox Can't Write..=0D
Admin or User Cookie We Are Able To Take =0D
=0D
=0D
Php-Fusion İs Avatar Xss By Pass=0D
==================0D
=0D
Our Xss Code : =0D
=0D
GIF89a=01 =01 =0D
=0D
=0D
So Now We Will Open A NotPat And Put Our Code and Saved With .jpg .gif .... =0D
And Upload A Php-Fusion Site.. http://[victim]/[Php-Fusion]/edit_profile.php=0D 
=0D
=0D
Credits ; ZeberuS & Redworm ZeberuS_@hotmail.com | Redworm@Redworm.Us ;)=0D 
                              =0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH