@felmoltor
Last active August 23, 2023 20:47
secret 2 vuln
// GET /secret.php?source=js/debug.js
// […]
<script defer nonce="ceT7vflNlU8YT58gnQnZH4xi">
const urlParams = new URLSearchParams(window.location.search);
const source = urlParams.get('source');
var s=document.createElement("script");
s.src=source;
document.head.appendChild(s);
</script>
// […]
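
A hardened counterpart to the loader above, added here as an example (not part of the original gist): the `source` value is resolved the way the browser would resolve `s.src`, then accepted only if it is same-origin and on a fixed allowlist. The names `ALLOWED_SCRIPTS` and `resolveScriptSource` are assumptions; `js/debug.js` is the only script path the gist shows.

```javascript
// Allowlist of script paths this page may load (assumed; extend as needed).
const ALLOWED_SCRIPTS = new Set(['/js/debug.js']);

// Returns an absolute same-origin URL for an allowlisted script, or null.
// The nonce on the inline <script> authorises that inline block only; it
// does not validate the URL later assigned to s.src, so the check lives here.
function resolveScriptSource(search, pageHref) {
  const raw = new URLSearchParams(search).get('source');
  if (!raw) return null;

  let url;
  try {
    // Resolve against the page URL first, so absolute, protocol-relative,
    // backslash, data: and "../" forms are normalised before comparison.
    url = new URL(raw, pageHref);
  } catch (e) {
    return null;
  }

  const page = new URL(pageHref);
  if (url.origin !== page.origin) return null;         // other host or scheme
  if (!ALLOWED_SCRIPTS.has(url.pathname)) return null;  // not a known script

  // Rebuild from trusted parts; query and fragment from the input are dropped.
  return page.origin + url.pathname;
}

// Browser-only part: same DOM calls as the original, fed the vetted URL.
if (typeof document !== 'undefined') {
  const safe = resolveScriptSource(window.location.search, window.location.href);
  if (safe) {
    const s = document.createElement('script');
    s.src = safe;
    document.head.appendChild(s);
  }
}
```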