EvilZone
Hacking and Security => Hacking and Security => Topic started by: ekevjn on April 16, 2015, 02:23:49 AM
-
I have uploaded php shell to a host. Now i want get user cookie so i think about xssshell and i have found 1 xssshell.asp in the internet that get people cookie through Cross-site scripting method. But i want to change the contant of index.php in the host that i hacked and put some code to get user cookie and send to my xssshell.asp. Is that impossible, any help?
Or any suggestion about different techniques can get user cookies with phpshell uploaded?
ps: i know that if host run .asp page as default so i can embed php and let them run together but my host run php
Thank for reply
-
I don't think you can combine the two - they are very different technologies and requires separate interpreters. Why are you using an ASP shell if the host is using PHP? just port the ASP shell to PHP, how hard can that be...
-
I don't think you can combine the two - they are very different technologies and requires separate interpreters. Why are you using an ASP shell if the host is using PHP? just port the ASP shell to PHP, how hard can that be...
Thank for your reply, combine the two is impossible so there are other way can help me get logging user cookie? i thinking about read user cookie by the way insert some code to index.php like:
=============================
<?php
echo $_COOKIE["your cookie name"];
?>=============================
But i don't know how to save the cookie or send cookie to my host
-
Thank for your reply, combine the two is impossible so there are other way can help me get logging user cookie? i thinking about read user cookie by the way insert some code to index.php like:
=============================
<?php
echo $_COOKIE["your cookie name"];
?>=============================
But i don't know how to save the cookie or send cookie to my host
It would be better to google first, before asking such a question.
http://lmgtfy.com/?q=php+cookie+stealer (http://lmgtfy.com/?q=php+cookie+stealer)
How hard was that?
-
It would be better to google first, before asking such a question.
http://lmgtfy.com/?q=php+cookie+stealer (http://lmgtfy.com/?q=php+cookie+stealer)
How hard was that?
Thank for your reply.
The main method when i googling php cookie stealer that they exploit stored XSS but my hacked website isn't vulnerability with XSS so i thinking about insert some code to index.php about how the host handle user cookie and send it to me. That mean when user login ( over hybrid mode using google account) the host will check for user cookie and send it to me. (actualy the host using seesion for control and store them in uer cookie)