
upload xss

a guest
Jul 18th, 2011
[o] Author : SKRBot (SKrB18@gmail.com)
[o] Date : 13 – 07 – 2011 | 8:53
[o] Remote : 4shared.com
[o] Who : Online file sharing and storage – 10 GB free web space. Easy registration. File upload progressor. Multiple file transfer. Fast download.
[o] Pagerank : PR 6/10

[o] Details
[o] Used method : Persistent Cross-site scripting
[o] Vulnerable URL (safe example!) : http://www.4shared.com/enter.jsp?sId=lDLSJfc7j9t8Xky2&&fau=1&ausk=lDLSJfc7j9t8Xky2&au=1 (expired, screenshots available below)

Update: This also applies to other upload services. Examples below:
#1, Multiupload: http://www.multiupload.com/OZFA3JLJJC | http://i.imgur.com/1daMj.png
#2, Fileserve: http://www.fileserve.com/file/nh7UNYG | http://i.imgur.com/lGMng.png
#3, Speedyshare: http://www.speedyshare.com/files/29423841/_img_src_x_onerror_alert_XSS_d | http://i.imgur.com/pXpYn.png

[o] Screenshots
#1, The file: http://ly.gs/wp-content/uploads/2011/07/4file.png
#2, JS Alert: http://ly.gs/wp-content/uploads/2011/07/4alert.png
#3, Final source: http://ly.gs/wp-content/uploads/2011/07/4source.png