View full version: An image file to steal cookie?
ghostshadow189
20.04.2006, 18:07
Hi, I saw some XSS tutorial video files of antichat.ru and I always see that antichat.ru uses image files like .gif or .jpg to steal cookies. I wonder how you can create these image files? How does it work?
Thanx for ur help and ur suggestions :D
Stronger_se
20.04.2006, 18:13
it's not options of the image... just scripting
so read more about "sniffer"
antichat.ru use image files like .gif or .jpg to steal cookie
it's not an image, it's php
we use a .htaccess file to execute the .gif extension as a php script
You can see a not-exact source code of this sniffer on the main page: http://antichat.ru/sniff/
ghostshadow189
22.04.2006, 07:22
thanx, I think I understood. It's a php script but we can use .htaccess to execute a .jpg file like a .php file :D
make a php script, save it as a gif (jpg, png, etc...) file
then make a .htaccess file with this code:
<Files "s.gif">
AddType application/x-httpd-php .gif
</Files>
and put this file in the same directory with your "image"
if you are allowed to use htaccess on your server, opening your "image" will execute the php code in it
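For administrators auditing a web root, this added example (not part of the original thread or of antichat.ru's code) scans `.htaccess` text for rules that hand an image extension to the PHP interpreter, as the `AddType` rule quoted above does. The function name, the extension list and the second sample are assumptions made for illustration.

```python
import re

# Extensions that should be served as static files, never handed to PHP.
STATIC_EXTS = ("gif", "jpg", "jpeg", "png", "bmp", "ico", "webp")
FILES_OPEN = re.compile(r"<\s*Files(?:Match)?\s+(.+?)\s*>", re.I)
FILES_CLOSE = re.compile(r"<\s*/\s*Files(?:Match)?\s*>", re.I)
# An image extension preceded by '.', '|' or '(' in a <Files>/<FilesMatch> argument.
SCOPE_EXT = re.compile(r"[.|(](%s)\b" % "|".join(STATIC_EXTS), re.I)


def find_image_php_mappings(text):
    """Return (line_no, directive, target) for every rule in Apache
    per-directory config text that routes an image extension to PHP."""
    findings = []
    scope = None  # argument of the enclosing <Files>/<FilesMatch> block
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = FILES_OPEN.match(line)
        if opened:
            scope = opened.group(1).strip("\"'")
            continue
        if FILES_CLOSE.match(line):
            scope = None
            continue
        parts = line.split()
        directive = parts[0].lower()
        args = [a.strip("\"'") for a in parts[1:]]
        if not args or "php" not in args[0].lower():
            continue
        if directive in ("addtype", "addhandler"):
            # AddType/AddHandler <type-or-handler> <ext> [<ext> ...]
            for ext in args[1:]:
                if ext.lstrip(".").lower() in STATIC_EXTS:
                    findings.append((no, parts[0], ext))
        elif directive in ("sethandler", "forcetype") and scope:
            # SetHandler/ForceType apply to whatever the enclosing block matches
            if SCOPE_EXT.search(scope):
                findings.append((no, parts[0], scope))
    return findings


# The rule quoted in the thread, plus one constructed variant.
THREAD_RULE = '<Files "s.gif">\nAddType application/x-httpd-php .gif\n</Files>\n'
CONSTRUCTED = '<FilesMatch "\\.(png|jpg)$">\nSetHandler application/x-httpd-php\n</FilesMatch>\n'

if __name__ == "__main__":
    for sample in (THREAD_RULE, CONSTRUCTED):
        print(find_image_php_mappings(sample))
```

The scope check is a heuristic: a pattern such as `jpe?g` is not expanded, so a hit is a reason to read the file, and a clean result is not proof that no such rule exists.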
ghostshadow189
22.04.2006, 17:50
thanx for ur help. But I have another question from when I saw the hack-info tutorial video file. In this tutorial I saw that u upload an image from ur comp and use it for your avatar and to deface. So it means an image will run on this site, but maybe the .htaccess of this site does not allow us to run an image file as a php file.
And also, when we upload an image from our comp to use for our avatar and there is some code in this image to deface the site, but if the site's index file chmod is not writeable (for example 644), we can't make an image edit the index file so we can't deface it?
ghostshadow189
22.04.2006, 18:19
oh, I also wonder how can u edit the image file and after that it still displays correctly :D
give me the link of the video
ghostshadow189
22.04.2006, 19:52
oh, this is the video from this site: http://video.antichat.ru/file37.html