Cookie Grabber Kinda Explained.

[second2none]

actually the code is

Quote:

<script>alert('1')</script>

shows neither of you read it.

secondly....

Quote:

First you need to find a vulnerability in the site. I'm still kinda new to this, so what I do is look for forms, something that updates... like your profile. Ok.
So now you want to see if they allow javascript
type in.

Quote:

and submit it. View your profile. If you see a popup saying "1", then the site is vulnerable. For now we will say it has popup up.

If you don't get that... you need to read up on javascript and PHP more cause your not ready lol.

[poopehgamer]

nvm i think i have it..so this is what ive gotten from doing 5 mins of research.
ok so to find if a site has javascript allowed i make a php file linked to that site and type <script>alert('1')</script> all the way at the top and when i click on it and it says 1 at top it accepts it right? just to doublecheck

[president of corp]

Alright. Just put it this way second2none, people will basically need some form of a tutorial or something. Maybe not a gaia page(to keep gaia from patching it.) but SOME sort of page to
help a few out.

[poopehgamer]

yes im confused, like you didnt even tell us where to put <script>alert('1')</script> you just put type it in im like type it in where :B also if you cba do you at least have a link to a tut?

also i did some new research, and is this right ?
note:i copyed and pasted this info

The only sure fire way to separate users that don't have Javascript from those that do is to use a simple redirect script that will only work for those with Javascript enabled. If a person's browser does not have Javascript enabled the script will not run and they will remain on the same page.

<script type="text/javascript">
window.location = "http://www.example.com/javascript-enabled.html"
</script>

[president of corp]

Oh, Speaking of which, try putting that part on top of the php code were it starts talking about
cookie grabbing part.(for some reason that if you put it after the php code, it wont activate. but if you put it on top of the php code, it will.)

[poopehgamer]

yeah i know ive been doing some javascript research, there are only 3 places you can put a script , in the header, body, and something else also it kinda poped up for me

[second2none]

ok well it doesn't take a genius to figure it out xD.

Quote:

so what I do is look for forms, something that updates... like your profile. Ok.

I thought people would of put 2 and 2 together and tried it.
If you want to know.
You are going to need to do research.

Links that will help you understand.
'
HTML Forms and Input <- Basic HTML forms. so you know what they are.

XSS Introduction by Steve <- Basic XSS tutorial.
Read both of them and you will understand what I'm trying to say. If you still don't sorry.... basic hackzoring webzors is not for you.

[poopehgamer]

ok ill try it out..its kinda confuseing because you never mentioned anything like "in that same file write" or "make a new file" ect ect.but is ok ive been doing so much research i feel like im training for a job on javascript ive read at least 10 pages on how nad know i know how to do alot of stuff :B

[second2none]

what do you mean make a new file? o_0... you don't make a new file except for the php file.

and...........................................
I thought it was self explanatory when I said, find something that updates, like your profile, and type in. blah blah

[poopehgamer]

i didnt really know where to put the script,like weather to put it in a new file, header, body ect that kinda stuff (yes i know i used ect. alot) also thanks for the link im learning alot XD i learned the checkbox thing...imma try it without looking...


<form>
yes i do
<input type="checkbox" name="yes" value=yes">
</form>
(dont pay attention to that, just testing myself)
:B some random stuff XD