hi , I saw some XSS tutorial video files of antichat.ru and I always see that antichat.ru use image files like .gif or .jpg to steal cookie . I wonder how can you creat these image file ? How does it work ? Thanx for ur help and ur suggest
thanx i think i understood . It's a php script but we can use .htaccess to execute .jpg file like a .php file
make a php script, save it as a gif (jpg, png, etc...) file then make a .htaccess file with this code: PHP: <Files "s.gif"> AddType application/x-httpd-php .gif </Files> ant put this file in the same directory with you "image" if you are allowed to use htaccess on your server, openning your "image" you will execute your php code in it
thanx for ur help . But I have another question when I see hack-info tutorial video file . In this tutorial I saw that u upload an image from ur comp and use it for your avatar and to deface . So it mean an image will run on this site but maybe .htaccess of this site not allow us run image file as php file . And also , when we upload an image from our comp to use for our avatar and there some code in this image to deface the site , but if the site chmod index file is not writeable (for example 644) , we cant make an image edit index file so we cant deface it ?
