Waraxe IT Security Portal

:: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools ::

October 29, 2025

Menu

Home

Logout

Discussions

	Forums
	Members List
	IRC chat

Tools

	Base64 coder
	MD5 hash
	CRC32 checksum
	ROT13 coder
	SHA-1 hash
	URL-decoder
	Sql Char Encoder

Affiliates

	y3dips ITsec
	Md5 Cracker
	User Manuals
	AlbumNow

Content

	Content
	Sections
	FAQ
	Top

Info

	Feedback
	Recommend Us
	Search
	Journal
	Your Account

User Info

Membership:

Latest: MichaelSnaRe

New Today: 0

New Yesterday: 0

Overall: 9144

People Online:

Visitors: 40

Members: 0

Total: 40

Full disclosure

SEC Consult SA-20251027-0 :: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System #CVE-2025-12055
Stored Cross-Site Scripting (XSS) via SVG File Upload -totaljsv5013
Stored HTML Injection - Layout Functionality - totaljsv5013
Stored Cross-Site Scripting (XSS) - Layout Functionality -totaljsv5013
Current Password not Required When Changing Password -totaljsv5013
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Struts2 and Related Framework Array/Collection DoS
[REVIVE-SA-2025-002] Revive Adserver Vulnerability
[REVIVE-SA-2025-001] Revive Adserver Vulnerability
SEC Consult SA-20251021-0 :: Multiple Vulnerabilities in EfficientLab WorkExaminer Professional (CVE-2025-10639, CVE-2025-10640, CVE-2025-10641)
[SYSS-2025-017]: Verbatim Store 'n' Go Secure Portable HDD (security update v1.0.0.6) - Offline brute-force attack
[SYSS-2025-016]: Verbatim Store 'n' Go Secure Portable SSD (security update v1.0.0.6) - Offline brute-force attack
[SYSS-2025-015]: Verbatim Keypad Secure (security update v1.0.0.6) - Offline brute-force attack
Malvuln - MISP compatible malware vulnerability intelligencefeed now live
BSidesSF 2026 CFP still open until October 28th

IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Cross-site scripting aka XSS -> Stealing Cookies (Friendster/Myspace)
	View previous topic :: View next topic

Stealing Cookies (Friendster/Myspace)

Posted: Mon Mar 13, 2006 5:49 am

jokomamamita

Beginner

Joined: Mar 13, 2006

Posts: 1

Greetings,
I would like to know is there any way to steal users cookies from Social networking site such as Friendster(dot)com [Forget about MySpace, they had improved alot!]...!

As you all know, friendster had filtered the <script> tag together with some other tags! But javascript could still be executed using SWF-Javascript combination and even CSS Expression like this :

#watever {
height : expr/**/ession(some javascript codes goes here);
}

So, is it possible to implement any code which would steal/spoof users cookies and let the details being logged somewhere else on the net?

Thanks in advance! Smile

Stealing Cookies (Friendster/Myspace)

www.waraxe.us Forum Index -> Cross-site scripting aka XSS

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

All times are GMT
Page 1 of 1

PCWizardHub - Helping you fix, build, and optimize your PC life
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.032 Seconds