Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 24
Members Online: 1

Registered Members: 82843
Newest Member: hx47
Latest Articles

Cookies

Arrow Image Viewing and editing cookies


Alright, with my realistic 1 article, i got a couple questions on inline Javascript Injection and how to do it, so i decided to write an article about it. VIEWING: Alright, this is going to go a bit farther than maybe needed, but i want to include as much as possible for those who don't know the lingo. First, what we want to do is view the cookies. Simply go up to your url bar (where you type in http://google.com) and erase everything in it, now type: javascript:alert(document.cookie); then hit enter. What just popped up is your personal cookie data. Take a look at how it is set up, cookiename=cookievalue. EDITING: Now, let's say you just stole someone's cookie(s) (how you'd be able to do that without knowing how to edit a cookie is beyond me, but, this is just an example..). Let's say you just got admin=True and amIgod=1 What you'll want to do is, do the same thing you did to view the cookies, but instead put: javascript:void(document.cookie="admin=True"); enter javascript:void(document.cookie="amIgod=1"); enter javascript:alert(document.cookie); enter - check to see if the values were added and refresh (or click a link). You should be able to chain them together as well, if you wish. that would look like: javascript:void(document.cookie="admin=True");javascript:void(document.cookie="amIgod=1");javascript:alert(document.cookie); enter - which will do everything as above, but in one line. *note - it doesn't always work, people have been having problems with that in Real 1. ***Note - make sure everything is grammatically correct, and capitalized appropriately. This is kind of a hard subject to explain very well, so please feel free to ask me any questions.

Comments

LANz-gouZon May 29 2005 - 11:10:51
I'd said : javascript:void(document.cookie="username=administrator"Wink;javascript:void(document.cookie="password=1234abcd"Wink;
nights_shadowon July 04 2005 - 22:00:31
Sometimes you can't link them together and you need to do one query at a time.
Zietlebenon July 20 2005 - 07:09:55
Nice helped me out a lot
S3ngyRon May 09 2006 - 12:47:16
yeah good tut lol I forgot to see those damn cookies xD thanks buddy Wink
S25on June 11 2006 - 10:39:37
Pretty good but a bit too much of a spoiler in my humble oppinion.
crimson19on November 03 2006 - 00:28:28
It doesnt work for me. All I get is an alert box with {Javascript Application} as the title. I am using FF. What did I do wrong?
USMCon February 11 2008 - 05:59:01
Search Cookies on the Firefox AddOn page. Thye have one that lets you edit the cookies.
Orillianon September 21 2009 - 15:26:13
Not bad, but please PARAGRAPHS
Lionzon January 29 2012 - 17:11:16
yes firefox doesn't accept that in url address
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.