Donate to us via Paypal!
The important thing is not to stop questioning. - Albert Einstein
Saturday, November 28, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 82
Guests Online: 81
Members Online: 1

Registered Members: 130552
Newest Member: Johnfoege
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

xss cookiestealers


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-10-06 22:08
Hello all,I'm having some xss troubles,my intentions were to steal admin cookies on a certain site(not to be malicious though,just for educational purposes)first off i found a vulnerable gustbook;then i found a free server that supports php,and took nanoys script(from his article on www.nanoy.org) and named it cookie.php ,and then made a page called cookies.html so cookie.php could write the cookie info down on cookies.html(which had a 777 permission setting)and then i put a redirector script in the vulnerable guestbook and when you goto the guestbook it redirects you to my cookie stealer page,but all it says on the cookies.html page is; //Write the cookie at the bottom Cookie:I'm all out of ideas.Thanks in advance. Smile


Author

RE: xss cookiestealers


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-10-06 22:11
Are there cookies to steal? It's a little pointless otherwise Pfft


Author

RE: xss cookiestealers


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-10-06 22:14
yes I know through a little s.e that there are plenty of cookies to steal.


Author

RE: xss cookiestealers


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-10-06 23:21
If its the logging part you're struggling with then try using ccl.whiteacid.org


Author

RE: xss cookiestealers


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-10-06 00:16
I'm going to sound stupid regardless - But is that your site WhiteAcid.

It's not the first time I've seen it and imho it's very impressive


Author

RE: xss cookiestealers


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-10-06 01:08
Yes, it is mine, what gave it away Pfft
Thank you.


Author

RE: xss cookiestealers


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-10-06 01:20
Haha Very impressed with that site dude. How many people have registered?

And I remember you posting a link to a video and you proclaimed that is what not you... or my memory serves me wrong which is the most likely scenario.


Author

RE: xss cookiestealers


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-10-06 01:38
I don't know. I keep everything as anonymous as possible so there are no stats and I've set up a cron job to remove redundant accounts. That's accounts not used within 60 days.

Besides that... number of users and numbers of cookies stolen isn't something I want to make public even if I could.

I can't quite remember which video you're refering to, the SQL injection one? Yeah, that wasn't me.