|
An image file to steal cookie ?
hi , I saw some XSS tutorial video files of antichat.ru and I always see that antichat.ru use image files like .gif or .jpg to steal cookie . I wonder how can you creat these image file ? How does it work ?
Thanx for ur help and ur suggest :D |
it's not options of image ... just scripting
so read more about "sniffer" |
Цитата:
we use .htaccess file to execute .gif extention as a php script |
You may see a not exactly source code of this sniffer on main page: http://antichat.ru/sniff/
|
thanx i think i understood . It's a php script but we can use .htaccess to execute .jpg file like a .php file :D
|
make a php script, save it as a gif (jpg, png, etc...) file
then make a .htaccess file with this code: PHP код:
if you are allowed to use htaccess on your server, openning your "image" you will execute your php code in it |
thanx for ur help . But I have another question when I see hack-info tutorial video file . In this tutorial I saw that u upload an image from ur comp and use it for your avatar and to deface . So it mean an image will run on this site but maybe .htaccess of this site not allow us run image file as php file .
And also , when we upload an image from our comp to use for our avatar and there some code in this image to deface the site , but if the site chmod index file is not writeable (for example 644) , we cant make an image edit index file so we cant deface it ? |
oh , I also wonder that how can u edit the image file and after that it still display correctly :D
|
give me the link of the video
|
oh this is the video of this site : http://video.antichat.ru/file37.html
|
| Время: 11:01 |