- <?php
- /*
- Call this function on any page you want to monitor for RFI (remote file inclusion) attempts; it sends
- the attempted payload URLs to @BallastSec for analysis.
- */
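/**
 * Scan request parameters for remote URLs, a common sign of a remote file
 * inclusion (RFI) probe, and report each one to the Ballast Security endpoint.
 *
 * This is telemetry only: nothing here blocks or alters the request, so it
 * does not replace fixing the include()/require() call sites themselves.
 * Only http, https and ftp URLs are recognised.
 *
 * Privacy note: every matching URL is sent to a third party, including
 * legitimate ones such as redirect targets or callback URLs that may carry
 * tokens. Enable it only on parameters where that is acceptable.
 *
 * Reporting is best-effort and synchronous, so it is bounded: duplicates are
 * dropped, at most $maxReports submissions are made per call, each one has a
 * timeout, and the loop stops at the first failed submission.
 *
 * @param bool $useGET    Scan $_GET when exactly true.
 * @param bool $usePOST   Scan $_POST when exactly true.
 * @param bool $useCOOKIE Scan $_COOKIE when exactly true (off by default).
 * @return void
 */
function SendAnyRFIsToBallastSec($useGET = true, $usePOST = true, $useCOOKIE = false)
{
    $pattern = '/(http|https|ftp):\/\/[^\s]+/';
    // Request parameters are attacker-controlled; without these limits a single
    // request could tie up the worker in many slow outbound calls.
    $maxReports = 10;
    $timeoutSeconds = 5;

    $sources = array();
    if ($useGET === true) {
        $sources[] = $_GET;
    }
    if ($usePOST === true) {
        $sources[] = $_POST;
    }
    if ($useCOOKIE === true) {
        $sources[] = $_COOKIE;
    }

    $urls = array();
    foreach ($sources as $params) {
        // Parameters such as "name[]=x" arrive as (possibly nested) arrays.
        // Passing one straight to urldecode() is a TypeError on PHP 8, which
        // would let any visitor break the host page, so walk the leaves instead.
        array_walk_recursive($params, function ($value) use (&$urls, $pattern) {
            if (!is_string($value)) {
                return;
            }
            // PHP has already decoded the value once; the second decode also
            // exposes URLs that were sent double-encoded.
            if (preg_match($pattern, urldecode($value), $matches) > 0) {
                $urls[] = $matches[0];
            }
        });
    }

    $urls = array_slice(array_unique($urls), 0, $maxReports);

    foreach ($urls as $url) {
        // NOTE(review): http_build_query() URL-encodes its values, so 'u' is
        // URL-encoded twice on the wire. Kept as-is because the receiving script
        // is not visible here and may depend on it.
        $postdata = http_build_query(
            array('u' => urlencode(base64_encode($url)))
        );
        $context = stream_context_create(array(
            'http' => array(
                'method' => 'POST',
                'header' => 'Content-type: application/x-www-form-urlencoded',
                'content' => $postdata,
                'protocol_version' => 1.1,
                'timeout' => $timeoutSeconds,
            ),
        ));
        $response = file_get_contents(
            'https://defense.ballastsecurity.net/decoding/submit.php',
            false,
            $context
        );
        if ($response === false) {
            // Endpoint unreachable or slow: give up rather than stack timeouts.
            break;
        }
    }
}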
// Run the check as soon as this file is included, with the default sources
// spelled out: GET and POST parameters are scanned, cookies are not.
SendAnyRFIsToBallastSec(true, true, false);
- ?>