- [o] Author : SKRBot (SKrB18@gmail.com)
- [o] Date : 13 – 07 – 2011 | 8:53
- [o] Remote : 4shared.com
- [o] Who : Online file sharing and storage – 10 GB free web space. Easy registration. File upload progressor. Multiple file transfer. Fast download.
- [o] Pagerank : PR 6/10
- [o] Details
- [o] Used method : Persistent Cross-site scripting
- [o] Vulnerable URL (safe example!) : http://www.4shared.com/enter.jsp?sId=lDLSJfc7j9t8Xky2&&fau=1&ausk=lDLSJfc7j9t8Xky2&au=1 (expired, screenshots available below)
- Update: This also applies to other upload services. Examples below:
- #1, Multiupload: http://www.multiupload.com/OZFA3JLJJC | http://i.imgur.com/1daMj.png
- #2, Fileserve: http://www.fileserve.com/file/nh7UNYG | http://i.imgur.com/lGMng.png
- #3, Speedyshare: http://www.speedyshare.com/files/29423841/_img_src_x_onerror_alert_XSS_d | http://i.imgur.com/pXpYn.png
- [o] Screenshots
- #1, The file: http://ly.gs/wp-content/uploads/2011/07/4file.png
- #2, JS Alert: http://ly.gs/wp-content/uploads/2011/07/4alert.png
- #3, Final source: http://ly.gs/wp-content/uploads/2011/07/4source.png