RE: Session dumped through an iframe... need help. |
||
I should have posted the other pieces of code or at least more information... I just don't want to give away too much information because of the potential implications of the concept. Okay, here it is... From an attacker's perspective. The index.php of the attacker's website contains an iframe that refreshes every 30 seconds. Inside of that iframe, pageswitcher.php is run. Pageswitcher gathers the content of the page in the url contained in url.txt and then writes it to a file to be read later. Because the iframe refreshes every 30 seconds, the attacker has the ability to change what content is gathered for every user who visits his website by changing the contents in url.txt. What you see below is a php script that opens url.txt. It then makes the url in url.txt a variable. Finally, it loads the content of that url to be written to a file (with another script). Now I'm not sure how to modify this so that it's not using the IP of attacker's server in the pageswitcher or so that it sends the session information of each person with it. I've seen a number of viewsource scripts that will take the source of external pages while keeping my session with that page alive. I'm just not sure how. ><?php $DEFAULT_FILE = "index.php"; ?> ><?php $url=fopen("url.txt","r"); ?> ><?php $file = fgets($url); ?> ><?php > if (isset($file)) { > $file2 = $file; > echo "<div class=\"source\">\n"; > $content=file_get_contents($file2); > echo $content; > echo "</div>\n"; > } else { > $file = $DEFAULT_FILE; > } >?> Replies:
|
||
| CyberArmy::Forum v0.6 Generated In 0.00531 seconds |
2008-09-22 03:01:49