Cookies

Cookies

By ghost | 11850 Reads |

0     0

Alright, with my realistic 1 article, i got a couple questions on inline Javascript Injection and how to do it, so i decided to write an article about it.

VIEWING:

Alright, this is going to go a bit farther than maybe needed, but i want to include as much as possible for those who don't know the lingo. First, what we want to do is view the cookies. Simply go up to your url bar (where you type in http://google.com) and erase everything in it, now type: javascript:alert(document.cookie); then hit enter. What just popped up is your personal cookie data. Take a look at how it is set up, cookiename=cookievalue.

EDITING:

Now, let's say you just stole someone's cookie(s) (how you'd be able to do that without knowing how to edit a cookie is beyond me, but, this is just an example..). Let's say you just got admin=True and amIgod=1 What you'll want to do is, do the same thing you did to view the cookies, but instead put: javascript:void(document.cookie="admin=True"); enter javascript:void(document.cookie="amIgod=1"); enter javascript:alert(document.cookie); enter - check to see if the values were added and refresh (or click a link). You should be able to chain them together as well, if you wish. that would look like: javascript:void(document.cookie="admin=True");javascript:void(document.cookie="amIgod=1");javascript:alert(document.cookie); enter - which will do everything as above, but in one line. *note - it doesn't always work, people have been having problems with that in Real 1.

***Note - make sure everything is grammatically correct, and capitalized appropriately.

This is kind of a hard subject to explain very well, so please feel free to ask me any questions.