Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
xss problem
Posted by: lobas
Date: March 22, 2007 06:12AM

i have a xss where i can execute javascript, but cant get the document.cookie because the ip has been moved, it used to be site.com but some how its transfered to 2343245234.site.com

so there is no document cookie

any tips to bypass this?

Options: ReplyQuote
Re: xss problem
Posted by: rsnake
Date: March 22, 2007 10:09AM

Probably not unless you can find another XSS hole. :(

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: xss problem
Posted by: lobas
Date: March 22, 2007 10:24AM

it onjly transfer whe nthe xss request is made

Options: ReplyQuote
Re: xss problem
Posted by: rsnake
Date: March 22, 2007 01:53PM

It's hard to say without looking at it, but I doubt you're going to be able to do much if you aren't on the same domain as the cookie.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: xss problem
Posted by: trev
Date: March 22, 2007 03:10PM

Unless you are on the same domain as the login form - in which case you can show a fake login form or make the real one send data to you.

Options: ReplyQuote


Sorry, only registered users may post in this forum.