Hello,
i stole cookie of a user, but i can't login right away with :
javascript:document.cookie="user=1;password=434rerdsd343;"
instead, i have to enter one by one, first with user, and then with password to login.

thats beautiful, thanks for letting us now.

I'll alert the media.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

lol, somebody can explain about it ?

yes, they're picking on you.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

This is now my favourite thread this week

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

So you mean you can do this?

javascript:void prompt("Put da cookie!:",document.cookie).replace(/[^;]+/g,function(_){document.cookie=_;});

taken from da wikipedia
http://es.wikipedia.org/wiki/XSS

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 1 time(s). Last edit at 10/25/2009 08:24AM by sirdarckcat.

What's that language ? Eskimor ??

Spanish - Español

javascript:void prompt("Put da cookie!:",document.cookie).replace(/[^;]+/g,function(_){document.cookie=_;});

> What's that language ? Eskimor ??
javascript

;)

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

I think it's Escobar

Ryonan Wrote:
-------------------------------------------------------
> Hello,
> i stole cookie of a user, but i can't login right
> away with :
> javascript:document.cookie="user=1;password=434rer
> dsd343;"
> instead, i have to enter one by one, first with
> user, and then with password to login.

document.cookie does actually let you do multiple cookies at a time, however it splits cookies by new line rather than by semi-colon, so this would work:

javascript:document.cookie="user=1\napassword=434rerdsd343";alert(document.cookie);


fun cookie-setting bugs for all if you find somewhere letting you set a cookie 'value' in js

----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]

@kuza55
that's firefox only right?

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

sirdarckcat Wrote:
-------------------------------------------------------
> @kuza55
> that's firefox only right?


Contrary to what I would have thought, yes, this is Firefox only (did a quick test of Chrome, IE 8, Opera 10, Safari 4).

Interestingly though, everything besides IE would truncate on \n....

Does anyone remember this working in other browsers, or did I just never bother to test this outside Firefox?

----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]

actually, I remember that you told me it was firefox only.. haha
anyway dont trust my memory =/

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat