An image file to steal cookie ?

Discussion in 'Forum for discussion of ANTICHAT' started by ghostshadow189, 20 Apr 2006.

  1. ghostshadow189

    ghostshadow189 New Member

    Joined:
    20 Mar 2006
    Messages:
    5
    Likes Received:
    0
    Reputations:
    0
    hi , I saw some XSS tutorial video files of antichat.ru and I always see that antichat.ru use image files like .gif or .jpg to steal cookie . I wonder how can you creat these image file ? How does it work ?

    Thanx for ur help and ur suggest :D
     
  2. Stronger_se

    Stronger_se Elder - Старейшина

    Joined:
    6 Mar 2006
    Messages:
    32
    Likes Received:
    6
    Reputations:
    1
    it's not options of image ... just scripting

    so read more about "sniffer"
     
  3. vectorg

    vectorg Противоядие

    Joined:
    7 Aug 2005
    Messages:
    335
    Likes Received:
    140
    Reputations:
    236
    it's not an image, it's php
    we use .htaccess file to execute .gif extention as a php script
     
  4. Dronga

    Dronga ВАША реклама ТУТ!!

    Joined:
    1 Jul 2005
    Messages:
    575
    Likes Received:
    239
    Reputations:
    249
  5. ghostshadow189

    ghostshadow189 New Member

    Joined:
    20 Mar 2006
    Messages:
    5
    Likes Received:
    0
    Reputations:
    0
    thanx i think i understood . It's a php script but we can use .htaccess to execute .jpg file like a .php file :D
     
  6. vectorg

    vectorg Противоядие

    Joined:
    7 Aug 2005
    Messages:
    335
    Likes Received:
    140
    Reputations:
    236
    make a php script, save it as a gif (jpg, png, etc...) file
    then make a .htaccess file with this code:
    PHP:
    <Files "s.gif">
    AddType application/x-httpd-php .gif
    </Files>
    ant put this file in the same directory with you "image"

    if you are allowed to use htaccess on your server, openning your "image" you will execute your php code in it
     
  7. ghostshadow189

    ghostshadow189 New Member

    Joined:
    20 Mar 2006
    Messages:
    5
    Likes Received:
    0
    Reputations:
    0
    thanx for ur help . But I have another question when I see hack-info tutorial video file . In this tutorial I saw that u upload an image from ur comp and use it for your avatar and to deface . So it mean an image will run on this site but maybe .htaccess of this site not allow us run image file as php file .

    And also , when we upload an image from our comp to use for our avatar and there some code in this image to deface the site , but if the site chmod index file is not writeable (for example 644) , we cant make an image edit index file so we cant deface it ?
     
    #7 ghostshadow189, 22 Apr 2006
    Last edited: 22 Apr 2006
  8. ghostshadow189

    ghostshadow189 New Member

    Joined:
    20 Mar 2006
    Messages:
    5
    Likes Received:
    0
    Reputations:
    0
    oh , I also wonder that how can u edit the image file and after that it still display correctly :D
     
  9. vectorg

    vectorg Противоядие

    Joined:
    7 Aug 2005
    Messages:
    335
    Likes Received:
    140
    Reputations:
    236
    give me the link of the video
     
  10. ghostshadow189

    ghostshadow189 New Member

    Joined:
    20 Mar 2006
    Messages:
    5
    Likes Received:
    0
    Reputations:
    0
Loading...