WebLogger: Stealing your personal PINs via mobile web application | IEEE Conference Publication | IEEE Xplore

Abstract:

In recent years, various sensors have been integrated into smartphones to sense the slight motions of the human body. However, security researchers have found that these sensors can be used not only for motion detection, but also as a side channel to reveal users' private data by inferring keystrokes. What is worse, as defined in the W3C specifications, mobile web applications can read these sensors silently, without permission from users. Therefore, when cross-site scripting vulnerabilities are found in a mobile web application, attackers can in theory obtain users' private data remotely via these sensors. However, these attacks are difficult to carry out because, in practice, mobile web applications can only obtain sensor readings at a low sampling rate. In this paper, we propose a novel ensemble learning algorithm based on weighted voting to improve keystroke inference accuracy at low sensor sampling rates. Based on this learning algorithm, a prototype system named WebLogger is developed to demonstrate the possibility of silently inferring the PINs or passwords entered by mobile phone users from a mobile web application. The experimental results show that the prediction accuracy of our learning model can be improved to 70%, which is better than the 50% achieved by single machine learning algorithms.
Date of Conference: 11-13 October 2017
Date Added to IEEE Xplore: 11 December 2017
ISBN Information:
Electronic ISSN: 2472-7628
Conference Location: Nanjing, China