Author Topic: [Needhelp] Can i embed .asp page in php page??? (Read 635 times)

ekevjn · « **on:** April 16, 2015, 02:23:49 am »

I have uploaded php shell to a host. Now i want get user cookie so i think about xssshell and i have found 1 xssshell.asp in the internet that get people cookie through Cross-site scripting method. But i want to change the contant of index.php in the host that i hacked and put some code to get user cookie and send to my xssshell.asp. Is that impossible, any help?

Or any suggestion about different techniques can get user cookies with phpshell uploaded?

ps: i know that if host run .asp page as default so i can embed php and let them run together but my host run php

Thank for reply

Kulverstukas · « **Reply #1 on:** April 16, 2015, 07:24:06 am »

I don't think you can combine the two - they are very different technologies and requires separate interpreters. Why are you using an ASP shell if the host is using PHP? just port the ASP shell to PHP, how hard can that be...

ekevjn · « **Reply #2 on:** April 16, 2015, 09:17:38 am »

Quote from: Kulverstukas on April 16, 2015, 07:24:06 am

I don't think you can combine the two - they are very different technologies and requires separate interpreters. Why are you using an ASP shell if the host is using PHP? just port the ASP shell to PHP, how hard can that be...

Thank for your reply, combine the two is impossible so there are other way can help me get logging user cookie? i thinking about read user cookie by the way insert some code to index.php like:
=============================

Code: (php) [Select]

<?php 
echo $_COOKIE["your cookie name"];
?>

=============================
But i don't know how to save the cookie or send cookie to my host

TheWormKill · « **Reply #3 on:** April 16, 2015, 12:14:36 pm »

Quote from: ekevjn on April 16, 2015, 09:17:38 am

Thank for your reply, combine the two is impossible so there are other way can help me get logging user cookie? i thinking about read user cookie by the way insert some code to index.php like:
=============================
Code: (php) [Select]
<?php echo $_COOKIE["your cookie name"]; ?>=============================
But i don't know how to save the cookie or send cookie to my host

It would be better to google first, before asking such a question.
http://lmgtfy.com/?q=php+cookie+stealer
How hard was that?

ekevjn · « **Reply #4 on:** April 17, 2015, 10:04:13 am »

Quote from: TheWormKill on April 16, 2015, 12:14:36 pm

It would be better to google first, before asking such a question.
http://lmgtfy.com/?q=php+cookie+stealer
How hard was that?

Thank for your reply.

The main method when i googling php cookie stealer that they exploit stored XSS but my hacked website isn't vulnerability with XSS so i thinking about insert some code to index.php about how the host handle user cookie and send it to me. That mean when user login ( over hybrid mode using google account) the host will check for user cookie and send it to me. (actualy the host using seesion for control and store them in uer cookie)

EvilZone

News:

Author Topic: [Needhelp] Can i embed .asp page in php page??? (Read 635 times)

ekevjn

[Needhelp] Can i embed .asp page in php page???

Kulverstukas

Re: [Needhelp] Can i embed .asp page in php page???

ekevjn

Re: [Needhelp] Can i embed .asp page in php page???

TheWormKill

Re: [Needhelp] Can i embed .asp page in php page???

ekevjn

Re: [Needhelp] Can i embed .asp page in php page???