+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: <XSS> [Help Needed] (/Thread-XSS-Help-Needed)
<XSS> [Help Needed] - Anonymous - 11-24-2012
Heres my understanding of the XSS Cookie Stealing.
You find an XSS Valn within that site.
You then Send them the XSS Valn With a cookie Stealing Script (Of course you need to create a site with the cookie stealing script, log, and script that gives the cookie to the cookie stealer.)
What I do not under stand is how you view the cookies after u get them, or Say if a user wasnt logged in does it send them to a login page which they then log in and then u get their login cookie?
And do you need to create a real web page for these scripts?
These are what I need to Clarify.
And then hopefully i can create these with out any kind of help.
Sorry for the Newbie Questions, I'm more of a visual learner, and then I keep doing it until I understand the complete process to where i understand every detail.
RE: <XSS> [Help Needed] - Ultimatum - 12-05-2012
Um, you use firebug and you modify your current cookie to change them to the one that is hopefully the admin's after he has logged in therefore, giving you access to AdminCP.
If the admin is not logged in receiving your email (weird), then you will still get a cookie, but will not give you access, just make you look like him accessing the page.
RE: <XSS> [Help Needed] - Anonymous - 12-05-2012
Yeah XSS didnt help me much on my mission i set out to do.