Created
September 17, 2022 14:37
-
-
Save motebaya/03fe92b4a85395fe8bf14bd667b9e55e to your computer and use it in GitHub Desktop.
a simple js xss for kusonime.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| davins; (t.me/dvinchii) | |
| date: new Date() => { | |
| Sat Sep 17 2022 21:33:37 GMT+0700 (Western Indonesia Time) | |
| } | |
| */ | |
| async function getdata(){ | |
| return new Promise((resolve, reject) => { | |
| let data = {}; | |
| if (document.readyState == "complete"){ | |
| document.querySelectorAll(".smokeddl").forEach((content, index) => { | |
| let ttl = content.querySelector(".smokettl"); | |
| if (ttl !== null){ | |
| data[ttl.textContent] = {}; | |
| content.querySelectorAll(".smokeurl").forEach((url, i) => { | |
| let links = {}; | |
| url.querySelectorAll("a").forEach((u, i) => { | |
| links[u.textContent] = u.getAttribute("href") | |
| }); | |
| data[ttl.textContent][ | |
| url.getElementsByTagName("strong")[0].textContent | |
| ] = links; | |
| }); | |
| } | |
| }); | |
| resolve(data); | |
| } else { | |
| reject("content not loaded"); | |
| } | |
| }); | |
| } | |
| async function ask(list){ | |
| return new Promise((resolve, reject) => { | |
| query = prompt( | |
| list.map((e, i) => | |
| `${i+1}. ${e}` | |
| ).join("\n") + "\n\nChoice: " | |
| ); | |
| if (query){ | |
| query = parseInt(query) - 1; | |
| if (list.length > query){ | |
| resolve( | |
| list[query] | |
| ); | |
| } else { | |
| reject("wrong input"); | |
| } | |
| } else { | |
| reject("nothing choice"); | |
| } | |
| }); | |
| } | |
| async function kuso(){ | |
| try { | |
| const data = await getdata(); | |
| var choice = await ask( | |
| Object.keys(data) | |
| ); | |
| var res = data[choice]; | |
| var choice = await ask( | |
| Object.keys(res) | |
| ); | |
| var server = res[choice]; | |
| var choice = await ask( | |
| Object.keys(server) | |
| ); | |
| var lastSrvr = atob(new URL(server[choice]).searchParams.get("url")); | |
| var opOrnot = prompt(`${lastSrvr} \nOk for open url`); | |
| if (opOrnot !== null){ | |
| window.open(lastSrvr ,"_blank"); | |
| } else { | |
| alert("ok"); | |
| } | |
| } catch (err) { | |
| console.error(err); | |
| } | |
| } | |
| kuso(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
for quick use, just minify and add to browser bookmark