Author: czy<[email protected]>
Source: http://www.nsfocus.net
Date: 2003-09-03
(Note: since the forum mangles some characters in this article, it is best to read the article at
http://www.chinansl.com/czy/xmlhttp.txt and the test code at
http://www.chinansl.com/czy/aspsky5.htm.)
I believe you are already familiar with cross-site scripting attacks, but there has always been one
problem with stealing the COOKIE: you have to use WINDOW.OPEN to pop up a window and then send the COOKIE
from it, which makes the attack far less stealthy. I once thought of using the insertAdjacentHTML method to
inject HTML into the page; that can just about send the COOKIE without opening a new IE window, but in
practice IE throws errors. Is there no better way? Some time ago, while studying how VBS viruses upgrade
themselves automatically, I used the Microsoft.XMLHTTP control (this control ships by default on WIN98/2K,
and it is a control that IE considers safe!). Through it we can send HTTP requests, either POST or GET, to
the website from within the web page.
OK, that is the idea. Let's take ASPSKY 5.00320 as an example.
We know that in <img src="XXXXXX"> the SRC can be written with vbscript:, for example
<img src="vbscript:a=(msgbox(now))">, but only one statement can be executed this way; for example
<img src="vbscript:a=(msgbox(now)):b=(msgbox(now))"> gives an error!
What to do? In VBS we can use the execute statement, and in JS we can use eval!
For example: <img src="vbscript:execute(&quot;a=(msgbox(now)):b=(msgbox(&quot;&quot;czy&quot;&quot;))&quot;)">
or <img src="javascript:eval('alert(\'nsfocus\');alert(\'czy\')')">
Not dizzy yet? You may have noticed above that when using the VBS execute statement, the double quotes are
written as &quot;. This is because in VBS a string must be enclosed in double quotes (a single quote starts
a comment), and a quote inside the string is written as two consecutive double quotes. So inside the
execute statement we cannot use single quotes, and if we wrote a raw " the HTML parser would pair it with
the quote after src=" and cut the attribute short. The only choice is to write &quot;, which the HTML
parser leaves alone and IE decodes back to " before the script engine sees it.
The quotation mark problem is solved. In practice ASPSKY also processes our code:
1: If it finds the string script, it inserts a space in front of it.
2: If it finds the string http, it treats it as a URL and wraps it in an <A> element.
3: If it finds a space, it replaces it with a substitute.
Solutions:
1: Write vbscript as vbsCript (the filter matches case-sensitively, while IE does not care about the
case of the scheme).
2: Write ""ht""+""tp... instead (inside the execute string every quote is doubled, as explained above,
and + is the VBS concatenation operator), so the string http never appears in the post.
3: Write the space in a different form (note: not the substitute the forum itself inserts).
Finally, the matter of sending the COOKIE:
1: Used locally, the control can GET or POST to any website, but used inside a web page it can only
GET or POST to the current server. Otherwise IE says access is denied!
2: The COOKIE cannot contain characters that have special meaning in a URL.
Solutions: