PHPSESSID stealer

EDIT***
If you can’t ask for help, what good is a forum? And don’t say stackoverflow, I wouldn’t be here if I hadn’t already tried.

Yo!

Just trying to do some bug hunting. I’ve got a vulnerable website that I can use JavaScript on to see the PHPSESSID cookie, but when I send it to my server, the PHPSESSID cookie isn’t there, just other information. The HttpOnly flag isn’t on.

The only problem I can think of is that it’s the PHP script. Anyone have a working script or another method of obtaining the user’s PHPSESSID cookie?

GitHub script I’m using:
https://gist.github.com/BeanBagKing/0add7ca363ec0d8212db091579c4a9f2

JS script I’m using that works:

What Kind of “help” Queries Are Not Allowed?

We do not allow anyone asking for the legal stuff illegally!

Some examples!

  • Asking legal content Illegally or asking any other illegal content that can hurt any brand or individual’s royalty is strictly prohibited from posting! :warning:
  • I want this course/tutorial/books, please anyone can give it to me, in case you guys have it? :thinking:
  • How to get the “xyz brand/company’s” free account or premium account for free? :smiley:
  • How to get code/key/License to grab the premium of any tool/app/account.
  • How can I earn money easily, rapidly, smoothly, efficiently… fast, etc? :woman_facepalming:
  • I need this tool/app/theme/plugin how to get this free/premium tool/app/login credentials, avoid asking to get things this way…
  • How to code this, can you help me with a coding script? I am stuck with code, now what to do? how to crack, find crack/patch, crack this or that <<< Please, avoid asking such deep programming language questions, as there is already a website dedicated for this stackoverflow! :slightly_frowning_face:
  • How to download a course from an online website or how to download a course from this or that site, avoid asking these queries here, see the available Solution, never ask these kinds of questions here…

Beware!

6 Likes
  • Check the various session/cookie settings in your php.ini. Then use an http debugger (e.g. httpfox or firebug’s net tab on firefox) to see what’s going across the wire. You’ve provided no useful information at all to properly help you. – Marc B Apr 21 '12 at 0:51

or

It looks like the cookie’s domain is being set to localhost. This will only work if you’re actually running your website from localhost. You need the session.cookie_domain to match your domain name, optionally with a . in front of it (as in .example.com) to also include subdomains.

1 Like
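The replies above point at the session cookie settings (HttpOnly, cookie domain). As an added example that is not part of the thread, this Python sketch audits a `Set-Cookie` header for a PHP session cookie from the site owner's side, including the domain mismatch described in the last reply. The function names and sample headers are constructed for illustration.

```python
# Added example (not from the thread): audit a PHP session cookie's
# Set-Cookie header for the settings discussed above.

def parse_set_cookie(header):
    """Return (name, attrs) with attribute names lowercased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def domain_matches(host, cookie_domain):
    """Simplified RFC 6265 domain-match (hostnames only, no IP handling)."""
    host = host.lower().rstrip(".")
    dom = cookie_domain.lower().lstrip(".")
    return bool(dom) and (host == dom or host.endswith("." + dom))

def audit_session_cookie(header, request_host):
    """Return a list of finding codes for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("no-httponly")      # readable via document.cookie
    if "secure" not in attrs:
        findings.append("no-secure")        # may be sent over plain HTTP
    if "samesite" not in attrs:
        findings.append("no-samesite")      # left to the browser default
    dom = attrs.get("domain")
    if dom and not domain_matches(request_host, dom):
        findings.append("domain-mismatch")  # browser rejects the cookie
    return findings

# Constructed sample headers, not captured from any real site.
WEAK = "PHPSESSID=q1w2e3r4; path=/; domain=localhost"
HARDENED = ("PHPSESSID=q1w2e3r4; path=/; domain=.example.com; "
            "Secure; HttpOnly; SameSite=Lax")

if __name__ == "__main__":
    for hdr in (WEAK, HARDENED):
        print(audit_session_cookie(hdr, "www.example.com") or "ok", "<-", hdr)
```

The matching php.ini directives are `session.cookie_httponly`, `session.cookie_secure`, `session.cookie_samesite` (PHP 7.3 and later) and `session.cookie_domain`.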